GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-09-22 15:18:15 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000066 WDC_WD50 rev.01.0 465,76GB Running: ockq3kzv.exe; Driver: C:\Users\Giant\AppData\Local\Temp\pwddqkod.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000165300 7 bytes [00, 6D, F3, FF, C1, 7B, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000165308 3 bytes [C0, 06, 02] .text ... * 109 .text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 320 fffff9600022d6c8 15 bytes [48, B8, 18, BD, AF, 03, 80, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 00000000772822f1 12 bytes [B8, 88, 74, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077286291 11 bytes [B8, 98, 73, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000772abf20 5 bytes [48, B8, A4, 2A, 03] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772ac380 5 bytes [48, B8, 9C, 24, 03] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 00000000772ac550 5 bytes [48, B8, 54, 29, 03] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000772ac570 5 bytes [48, B8, AC, 22, 03] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ac680 5 bytes [48, B8, 3C, 2B, 03] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000772ac750 5 bytes [48, B8, 0C, 24, 03] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 00000000772ad320 6 bytes [48, B8, 68, 23, 03, 00] .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000000007716bae1 14 bytes [B8, C0, 7A, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 1 000000007716c721 18 bytes [B8, FC, 75, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!PostThreadMessageW + 121 0000000077170bed 12 bytes [B8, F8, 80, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!PeekMessageA + 1 0000000077173a19 14 bytes [B8, A8, 10, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!IsProcessDPIAware + 376 000000007717483c 15 bytes [48, B8, D4, 7F, 03, 00, 00, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!GetKeyState + 1 0000000077175011 18 bytes [B8, FC, 76, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!GetMessageA + 1 0000000077176111 14 bytes [B8, 08, 10, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!PeekMessageW + 1 0000000077178fd1 14 bytes [B8, 00, 11, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!GetMessageW 0000000077179e74 12 bytes [48, B8, 58, 10, 03, 00, 00, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!GetLastActivePopup + 93 00000000771889a9 14 bytes [B8, 60, A9, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000077188a10 6 bytes [48, B8, FC, 77, 03, 00] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!GetKeyboardState + 8 0000000077188a18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!GetRawInputData 000000007718b000 6 bytes [48, B8, C0, 74, 03, 00] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!GetRawInputData + 8 000000007718b008 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!EndTask + 1 00000000771b1605 17 bytes [B8, 34, 22, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[432] C:\Windows\system32\USER32.dll!GetRawInputBuffer + 1 00000000771c5091 12 bytes [B8, 94, 75, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 00000000772822f1 12 bytes [B8, 88, 74, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077286291 11 bytes [B8, 98, 73, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000772abf20 5 bytes [48, B8, A4, 2A, 03] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772ac380 5 bytes [48, B8, 9C, 24, 03] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 00000000772ac550 5 bytes [48, B8, 54, 29, 03] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000772ac570 5 bytes [48, B8, AC, 22, 03] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ac680 5 bytes [48, B8, 3C, 2B, 03] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000772ac750 5 bytes [48, B8, 0C, 24, 03] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 00000000772ad320 6 bytes [48, B8, 68, 23, 03, 00] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000000007716bae1 14 bytes [B8, C0, 7A, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 1 000000007716c721 18 bytes [B8, FC, 75, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!PostThreadMessageW + 121 0000000077170bed 12 bytes [B8, F8, 80, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!PeekMessageA + 1 0000000077173a19 14 bytes [B8, A8, 10, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!IsProcessDPIAware + 376 000000007717483c 15 bytes [48, B8, D4, 7F, 03, 00, 00, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!GetKeyState + 1 0000000077175011 18 bytes [B8, FC, 76, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!GetMessageA + 1 0000000077176111 14 bytes [B8, 08, 10, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!PeekMessageW + 1 0000000077178fd1 14 bytes [B8, 00, 11, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!GetMessageW 0000000077179e74 12 bytes [48, B8, 58, 10, 03, 00, 00, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!GetLastActivePopup + 93 00000000771889a9 14 bytes [B8, 60, A9, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000077188a10 6 bytes [48, B8, FC, 77, 03, 00] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!GetKeyboardState + 8 0000000077188a18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!GetRawInputData 000000007718b000 6 bytes [48, B8, C0, 74, 03, 00] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!GetRawInputData + 8 000000007718b008 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!EndTask + 1 00000000771b1605 17 bytes [B8, 34, 22, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[520] C:\Windows\system32\USER32.dll!GetRawInputBuffer + 1 00000000771c5091 12 bytes [B8, 94, 75, 03, 00, 00, 00, ...] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d21401 2 bytes JMP 76a1b263 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d21419 2 bytes JMP 76a1b38e C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d21431 2 bytes JMP 76a99099 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d2144a 2 bytes CALL 769f48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d214dd 2 bytes JMP 76a9898f C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d214f5 2 bytes JMP 76a98b68 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d2150d 2 bytes JMP 76a98885 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d21525 2 bytes JMP 76a98c52 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d2153d 2 bytes JMP 76a0fce8 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d21555 2 bytes JMP 76a16937 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d2156d 2 bytes JMP 76a99151 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d21585 2 bytes JMP 76a98cb2 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d2159d 2 bytes JMP 76a98849 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d215b5 2 bytes JMP 76a0fd81 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d215cd 2 bytes JMP 76a1b324 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d216b2 2 bytes JMP 76a99014 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae-svc.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d216bd 2 bytes JMP 76a987de C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 00000000772822f1 12 bytes [B8, 88, 74, 05, 00, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077286291 11 bytes [B8, 98, 73, 05, 00, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000772abf20 5 bytes [48, B8, A4, 2A, 05] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772ac380 5 bytes [48, B8, 9C, 24, 05] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 00000000772ac550 5 bytes [48, B8, 54, 29, 05] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000772ac570 5 bytes [48, B8, AC, 22, 05] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ac680 5 bytes [48, B8, 3C, 2B, 05] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000772ac750 5 bytes [48, B8, 0C, 24, 05] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 00000000772ad320 6 bytes [48, B8, 68, 23, 05, 00] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\system32\kernel32.dll!VirtualProtectEx + 1 000000007708bf81 13 bytes [B8, 84, 14, 05, 00, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefebedcb1 14 bytes [B8, FC, 93, 05, 00, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec07210 8 bytes [48, B8, 6C, 93, 05, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\system32\ole32.dll!CoCreateInstance + 10 000007fefec0721a 8 bytes [50, C3, 90, 90, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefec12b29 14 bytes [B8, 6C, 94, 05, 00, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\system32\MSCTF.dll!TF_Notify 000007fefe6e1c80 14 bytes [48, B8, 9C, A9, 05, 00, 00, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 00000000772822f1 12 bytes [B8, 88, 74, 06, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077286291 11 bytes [B8, 98, 73, 06, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000772abf20 5 bytes [48, B8, A4, 2A, 06] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772ac380 5 bytes [48, B8, 9C, 24, 06] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 00000000772ac550 5 bytes [48, B8, 54, 29, 06] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000772ac570 5 bytes [48, B8, AC, 22, 06] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ac680 5 bytes [48, B8, 3C, 2B, 06] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000772ac750 5 bytes [48, B8, 0C, 24, 06] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 00000000772ad320 6 bytes [48, B8, 68, 23, 06, 00] .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\system32\kernel32.dll!VirtualProtectEx + 1 000000007708bf81 13 bytes [B8, 84, 14, 06, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefebedcb1 14 bytes [B8, FC, 93, 06, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec07210 8 bytes [48, B8, 6C, 93, 06, 00, 00, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\system32\ole32.dll!CoCreateInstance + 10 000007fefec0721a 8 bytes [50, C3, 90, 90, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefec12b29 14 bytes [B8, 6C, 94, 06, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\system32\MSCTF.dll!TF_Notify 000007fefe6e1c80 14 bytes [48, B8, 9C, A9, 06, 00, 00, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\system32\samcli.dll!NetUserSetInfo + 1 000007fefa7468bd 1 byte [B8] .text C:\Windows\Explorer.EXE[2092] C:\Windows\system32\samcli.dll!NetUserSetInfo + 3 000007fefa7468bf 12 bytes [26, 06, 00, 00, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[2092] C:\Windows\system32\samcli.dll!NetUserChangePassword 000007fefa747e18 15 bytes [48, B8, 7C, 27, 06, 00, 00, ...] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtClose + 1 000000007745f9e1 3 bytes [0B, 1D, 05] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtClose + 5 000000007745f9e5 2 bytes [50, C3] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 1 00000000774600b5 3 bytes [08, 1A, 05] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000774600b9 2 bytes [50, C3] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 1 0000000077460389 3 bytes [68, 1C, 05] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 5 000000007746038d 2 bytes [50, C3] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 1 00000000774603b9 3 bytes [96, 19, 05] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 5 00000000774603bd 2 bytes [50, C3] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 1 00000000774603d1 3 bytes [E0, 1B, 05] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 5 00000000774603d5 2 bytes [50, C3] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 1 0000000077460551 3 bytes [34, 1D, 05] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 5 0000000077460555 2 bytes [50, C3] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 1 0000000077460695 3 bytes [E2, 19, 05] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 5 0000000077460699 2 bytes [50, C3] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 1 00000000774618c1 3 bytes [BC, 19, 05] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 5 00000000774618c5 2 bytes [50, C3] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007747dffe 7 bytes [B8, 0D, 77, 05, 00, 50, C3] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007747f7fd 10 bytes [B8, 42, 84, 05, 00, 50, C3, ...] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW + 257 00000000769f4322 7 bytes JMP 00000001000511e5 .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\kernel32.dll!VirtualAllocExNuma + 11 0000000076a74d6a 7 bytes JMP 0000000100051229 .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000763b78e2 8 bytes [B8, 8D, 1D, 05, 00, 50, C3, ...] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000763b7bd3 8 bytes [B8, 45, 1D, 05, 00, 50, C3, ...] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000763b8332 7 bytes [B8, DD, 18, 05, 00, 50, C3] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!RegisterClassW + 237 00000000763b8b52 8 bytes [B8, B6, 5B, 05, 00, 50, C3, ...] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000763c05ba 11 bytes [B8, 20, 1E, 05, 00, 50, C3, ...] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000763c291f 11 bytes [B8, EE, 77, 05, 00, 50, C3, ...] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000763c5f74 11 bytes [B8, D5, 1D, 05, 00, 50, C3, ...] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000763c6110 7 bytes [B8, B7, 18, 05, 00, 50, C3] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000763c6285 12 bytes [B8, 3C, 79, 05, 00, 50, C3, ...] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!ScrollWindowEx + 84 00000000763dd5bf 8 bytes [B8, DA, 73, 05, 00, 50, C3, ...] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000763deb96 7 bytes [B8, 41, 77, 05, 00, 50, C3] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 1 00000000763dec69 3 bytes [9B, 78, 05] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 5 00000000763dec6d 5 bytes [50, C3, 90, 90, 90] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!GetRawInputBuffer 000000007640816c 11 bytes [B8, 9A, 56, 05, 00, 50, C3, ...] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!GetRawInputData + 1 0000000076418370 3 bytes [FD, 55, 05] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!GetRawInputData + 5 0000000076418374 5 bytes [50, C3, 90, 90, 90] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!EndTask + 1 000000007641a7ef 3 bytes [4F, 19, 05] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\USER32.dll!EndTask + 5 000000007641a7f3 5 bytes [50, C3, 90, 90, 90] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000765d548d 10 bytes [B8, 20, 6A, 05, 00, 50, C3, ...] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9cff 8 bytes [B8, 90, 87, 05, 00, 50, C3, ...] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000765e9d42 9 bytes [B8, FA, 69, 05, 00, 50, C3, ...] .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d21401 2 bytes JMP 76a1b263 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d21419 2 bytes JMP 76a1b38e C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d21431 2 bytes JMP 76a99099 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d2144a 2 bytes CALL 769f48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d214dd 2 bytes JMP 76a9898f C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d214f5 2 bytes JMP 76a98b68 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d2150d 2 bytes JMP 76a98885 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d21525 2 bytes JMP 76a98c52 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d2153d 2 bytes JMP 76a0fce8 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d21555 2 bytes JMP 76a16937 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d2156d 2 bytes JMP 76a99151 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d21585 2 bytes JMP 76a98cb2 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d2159d 2 bytes JMP 76a98849 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d215b5 2 bytes JMP 76a0fd81 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d215cd 2 bytes JMP 76a1b324 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d216b2 2 bytes JMP 76a99014 C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d216bd 2 bytes JMP 76a987de C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\Unchecky\bin\unchecky_bg.exe[2124] C:\Windows\syswow64\MSCTF.dll!TF_Notify 00000000751e3a1d 7 bytes [B8, 07, 74, 05, 00, 50, C3] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtClose + 1 000000007745f9e1 3 bytes [0B, 1D, 19] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtClose + 5 000000007745f9e5 2 bytes [50, C3] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 1 00000000774600b5 3 bytes [08, 1A, 19] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000774600b9 2 bytes [50, C3] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 1 0000000077460389 3 bytes [68, 1C, 19] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 5 000000007746038d 2 bytes [50, C3] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 1 00000000774603b9 3 bytes [96, 19, 19] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 5 00000000774603bd 2 bytes [50, C3] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 1 00000000774603d1 3 bytes [E0, 1B, 19] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 5 00000000774603d5 2 bytes [50, C3] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 1 0000000077460551 3 bytes [34, 1D, 19] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 5 0000000077460555 2 bytes [50, C3] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 1 0000000077460695 3 bytes [E2, 19, 19] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 5 0000000077460699 2 bytes [50, C3] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 1 00000000774618c1 3 bytes [BC, 19, 19] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 5 00000000774618c5 2 bytes [50, C3] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007747dffe 7 bytes [B8, 0D, 77, 19, 00, 50, C3] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007747f7fd 10 bytes [B8, 42, 84, 19, 00, 50, C3, ...] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW + 257 00000000769f4322 7 bytes JMP 00000001001911e5 .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\kernel32.dll!VirtualAllocExNuma + 11 0000000076a74d6a 7 bytes JMP 0000000100191229 .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000763b78e2 8 bytes [B8, 8D, 1D, 19, 00, 50, C3, ...] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000763b7bd3 8 bytes [B8, 45, 1D, 19, 00, 50, C3, ...] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000763b8332 7 bytes [B8, DD, 18, 19, 00, 50, C3] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!RegisterClassW + 237 00000000763b8b52 8 bytes [B8, B6, 5B, 19, 00, 50, C3, ...] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000763c05ba 11 bytes [B8, 20, 1E, 19, 00, 50, C3, ...] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000763c291f 11 bytes [B8, EE, 77, 19, 00, 50, C3, ...] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000763c5f74 11 bytes [B8, D5, 1D, 19, 00, 50, C3, ...] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000763c6110 7 bytes [B8, B7, 18, 19, 00, 50, C3] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000763c6285 12 bytes [B8, 3C, 79, 19, 00, 50, C3, ...] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!ScrollWindowEx + 84 00000000763dd5bf 8 bytes [B8, DA, 73, 19, 00, 50, C3, ...] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000763deb96 7 bytes [B8, 41, 77, 19, 00, 50, C3] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 1 00000000763dec69 3 bytes [9B, 78, 19] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 5 00000000763dec6d 5 bytes [50, C3, 90, 90, 90] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!GetRawInputBuffer 000000007640816c 11 bytes [B8, 9A, 56, 19, 00, 50, C3, ...] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!GetRawInputData + 1 0000000076418370 3 bytes [FD, 55, 19] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!GetRawInputData + 5 0000000076418374 5 bytes [50, C3, 90, 90, 90] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!EndTask + 1 000000007641a7ef 3 bytes [4F, 19, 19] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\USER32.dll!EndTask + 5 000000007641a7f3 5 bytes [50, C3, 90, 90, 90] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000765d548d 10 bytes [B8, 20, 6A, 19, 00, 50, C3, ...] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9cff 8 bytes [B8, 90, 87, 19, 00, 50, C3, ...] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000765e9d42 9 bytes [B8, FA, 69, 19, 00, 50, C3, ...] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\MSCTF.dll!TF_Notify 00000000751e3a1d 7 bytes [B8, 07, 74, 19, 00, 50, C3] .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d21401 2 bytes JMP 76a1b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d21419 2 bytes JMP 76a1b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d21431 2 bytes JMP 76a99099 C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d2144a 2 bytes CALL 769f48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d214dd 2 bytes JMP 76a9898f C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d214f5 2 bytes JMP 76a98b68 C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d2150d 2 bytes JMP 76a98885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d21525 2 bytes JMP 76a98c52 C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d2153d 2 bytes JMP 76a0fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d21555 2 bytes JMP 76a16937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d2156d 2 bytes JMP 76a99151 C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d21585 2 bytes JMP 76a98cb2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d2159d 2 bytes JMP 76a98849 C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d215b5 2 bytes JMP 76a0fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d215cd 2 bytes JMP 76a1b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d216b2 2 bytes JMP 76a99014 C:\Windows\syswow64\kernel32.dll .text C:\Users\Giant\AppData\Local\FluxSoftware\Flux\flux.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d216bd 2 bytes JMP 76a987de C:\Windows\syswow64\kernel32.dll .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtClose + 1 000000007745f9e1 3 bytes [0B, 1D, 05] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtClose + 5 000000007745f9e5 2 bytes [50, C3] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 1 00000000774600b5 3 bytes [08, 1A, 05] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000774600b9 2 bytes [50, C3] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 1 0000000077460389 3 bytes [68, 1C, 05] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 5 000000007746038d 2 bytes [50, C3] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 1 00000000774603b9 3 bytes [96, 19, 05] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 5 00000000774603bd 2 bytes [50, C3] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 1 00000000774603d1 3 bytes [E0, 1B, 05] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 5 00000000774603d5 2 bytes [50, C3] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 1 0000000077460551 3 bytes [34, 1D, 05] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 5 0000000077460555 2 bytes [50, C3] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 1 0000000077460695 3 bytes [E2, 19, 05] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 5 0000000077460699 2 bytes [50, C3] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 1 00000000774618c1 3 bytes [BC, 19, 05] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 5 00000000774618c5 2 bytes [50, C3] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007747dffe 7 bytes [B8, 0D, 77, 05, 00, 50, C3] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007747f7fd 10 bytes [B8, 42, 84, 05, 00, 50, C3, ...] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW + 257 00000000769f4322 7 bytes JMP 00000001000511e5 .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\kernel32.dll!VirtualAllocExNuma + 11 0000000076a74d6a 7 bytes JMP 0000000100051229 .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000763b78e2 8 bytes [B8, 8D, 1D, 05, 00, 50, C3, ...] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000763b7bd3 8 bytes [B8, 45, 1D, 05, 00, 50, C3, ...] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000763b8332 7 bytes [B8, DD, 18, 05, 00, 50, C3] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!RegisterClassW + 237 00000000763b8b52 8 bytes [B8, B6, 5B, 05, 00, 50, C3, ...] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000763c05ba 11 bytes [B8, 20, 1E, 05, 00, 50, C3, ...] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000763c291f 11 bytes [B8, EE, 77, 05, 00, 50, C3, ...] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000763c5f74 11 bytes [B8, D5, 1D, 05, 00, 50, C3, ...] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000763c6110 7 bytes [B8, B7, 18, 05, 00, 50, C3] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000763c6285 12 bytes [B8, 3C, 79, 05, 00, 50, C3, ...] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!ScrollWindowEx + 84 00000000763dd5bf 8 bytes [B8, DA, 73, 05, 00, 50, C3, ...] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000763deb96 7 bytes [B8, 41, 77, 05, 00, 50, C3] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 1 00000000763dec69 3 bytes [9B, 78, 05] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 5 00000000763dec6d 5 bytes [50, C3, 90, 90, 90] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!GetRawInputBuffer 000000007640816c 11 bytes [B8, 9A, 56, 05, 00, 50, C3, ...] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!GetRawInputData + 1 0000000076418370 3 bytes [FD, 55, 05] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!GetRawInputData + 5 0000000076418374 5 bytes [50, C3, 90, 90, 90] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!EndTask + 1 000000007641a7ef 3 bytes [4F, 19, 05] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\USER32.dll!EndTask + 5 000000007641a7f3 5 bytes [50, C3, 90, 90, 90] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000765d548d 10 bytes [B8, 20, 6A, 05, 00, 50, C3, ...] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9cff 8 bytes [B8, 90, 87, 05, 00, 50, C3, ...] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000765e9d42 9 bytes [B8, FA, 69, 05, 00, 50, C3, ...] .text D:\Dokumenty\KeeP\KeePass Password Safe\KeePass.exe[2276] C:\Windows\syswow64\MSCTF.dll!TF_Notify 00000000751e3a1d 7 bytes [B8, 07, 74, 05, 00, 50, C3] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtClose + 1 000000007745f9e1 3 bytes [0B, 1D, 05] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtClose + 5 000000007745f9e5 2 bytes [50, C3] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 1 00000000774600b5 3 bytes [08, 1A, 05] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000774600b9 2 bytes [50, C3] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 1 0000000077460389 3 bytes [68, 1C, 05] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 5 000000007746038d 2 bytes [50, C3] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 1 00000000774603b9 3 bytes [96, 19, 05] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 5 00000000774603bd 2 bytes [50, C3] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 1 00000000774603d1 3 bytes [E0, 1B, 05] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 5 00000000774603d5 2 bytes [50, C3] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 1 0000000077460551 3 bytes [34, 1D, 05] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 5 0000000077460555 2 bytes [50, C3] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 1 0000000077460695 3 bytes [E2, 19, 05] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 5 0000000077460699 2 bytes [50, C3] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 1 00000000774618c1 3 bytes [BC, 19, 05] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 5 00000000774618c5 2 bytes [50, C3] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007747dffe 7 bytes [B8, 0D, 77, 05, 00, 50, C3] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007747f7fd 10 bytes [B8, 42, 84, 05, 00, 50, C3, ...] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW + 257 00000000769f4322 7 bytes JMP 00000001000511e5 .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\kernel32.dll!VirtualAllocExNuma + 11 0000000076a74d6a 7 bytes JMP 0000000100051229 .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000763b78e2 8 bytes [B8, 8D, 1D, 05, 00, 50, C3, ...] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000763b7bd3 8 bytes [B8, 45, 1D, 05, 00, 50, C3, ...] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000763b8332 7 bytes [B8, DD, 18, 05, 00, 50, C3] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!RegisterClassW + 237 00000000763b8b52 8 bytes [B8, B6, 5B, 05, 00, 50, C3, ...] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000763c05ba 11 bytes [B8, 20, 1E, 05, 00, 50, C3, ...] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000763c291f 11 bytes [B8, EE, 77, 05, 00, 50, C3, ...] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000763c5f74 11 bytes [B8, D5, 1D, 05, 00, 50, C3, ...] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000763c6110 7 bytes [B8, B7, 18, 05, 00, 50, C3] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000763c6285 12 bytes [B8, 3C, 79, 05, 00, 50, C3, ...] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!ScrollWindowEx + 84 00000000763dd5bf 8 bytes [B8, DA, 73, 05, 00, 50, C3, ...] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000763deb96 7 bytes [B8, 41, 77, 05, 00, 50, C3] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 1 00000000763dec69 3 bytes [9B, 78, 05] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 5 00000000763dec6d 5 bytes [50, C3, 90, 90, 90] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!GetRawInputBuffer 000000007640816c 11 bytes [B8, 9A, 56, 05, 00, 50, C3, ...] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!GetRawInputData + 1 0000000076418370 3 bytes [FD, 55, 05] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!GetRawInputData + 5 0000000076418374 5 bytes [50, C3, 90, 90, 90] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!EndTask + 1 000000007641a7ef 3 bytes [4F, 19, 05] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\USER32.dll!EndTask + 5 000000007641a7f3 5 bytes [50, C3, 90, 90, 90] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000765d548d 10 bytes [B8, 20, 6A, 05, 00, 50, C3, ...] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9cff 8 bytes [B8, 90, 87, 05, 00, 50, C3, ...] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000765e9d42 9 bytes [B8, FA, 69, 05, 00, 50, C3, ...] .text D:\Dokumenty\Malwarebytes Anti-Exploit\mbae.exe[2328] C:\Windows\syswow64\MSCTF.dll!TF_Notify 00000000751e3a1d 7 bytes [B8, 07, 74, 05, 00, 50, C3] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 00000000772822f1 12 bytes [B8, 88, 74, 06, 00, 00, 00, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077286291 11 bytes [B8, 98, 73, 06, 00, 00, 00, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000772abf20 5 bytes [48, B8, A4, 2A, 06] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772ac380 5 bytes [48, B8, 9C, 24, 06] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 00000000772ac550 5 bytes [48, B8, 54, 29, 06] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000772ac570 5 bytes [48, B8, AC, 22, 06] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ac680 5 bytes [48, B8, 3C, 2B, 06] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000772ac750 5 bytes [48, B8, 0C, 24, 06] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 00000000772ad320 6 bytes [48, B8, 68, 23, 06, 00] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\system32\kernel32.dll!VirtualProtectEx + 1 000000007708bf81 13 bytes [B8, 84, 14, 06, 00, 00, 00, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefebedcb1 14 bytes [B8, FC, 93, 06, 00, 00, 00, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec07210 8 bytes [48, B8, 6C, 93, 06, 00, 00, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\system32\ole32.dll!CoCreateInstance + 10 000007fefec0721a 8 bytes [50, C3, 90, 90, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefec12b29 14 bytes [B8, 6C, 94, 06, 00, 00, 00, ...] .text C:\Program Files\Sandboxie\SbieCtrl.exe[2928] C:\Windows\system32\MSCTF.dll!TF_Notify 000007fefe6e1c80 14 bytes [48, B8, 9C, A9, 06, 00, 00, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 00000000772822f1 12 bytes [B8, 88, 74, 16, 00, 00, 00, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077286291 11 bytes [B8, 98, 73, 16, 00, 00, 00, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000772abf20 5 bytes [48, B8, A4, 2A, 16] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772ac380 5 bytes [48, B8, 9C, 24, 16] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 00000000772ac550 5 bytes [48, B8, 54, 29, 16] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000772ac570 5 bytes [48, B8, AC, 22, 16] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ac680 5 bytes [48, B8, 3C, 2B, 16] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000772ac750 5 bytes [48, B8, 0C, 24, 16] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 00000000772ad320 6 bytes [48, B8, 68, 23, 16, 00] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\system32\kernel32.dll!VirtualProtectEx + 1 000000007708bf81 13 bytes [B8, 84, 14, 16, 00, 00, 00, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefebedcb1 14 bytes [B8, FC, 93, 16, 00, 00, 00, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec07210 8 bytes [48, B8, 6C, 93, 16, 00, 00, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\system32\ole32.dll!CoCreateInstance + 10 000007fefec0721a 8 bytes [50, C3, 90, 90, 90, 90, 90, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefec12b29 14 bytes [B8, 6C, 94, 16, 00, 00, 00, ...] .text D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe[3480] C:\Windows\system32\MSCTF.dll!TF_Notify 000007fefe6e1c80 14 bytes [48, B8, 9C, A9, 16, 00, 00, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!RtlAdjustPrivilege 000000007726a0c0 6 bytes {JMP QWORD [RIP-0x80a0c6]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772822f0 5 bytes JMP 0000000174c883b0 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077286290 5 bytes JMP 0000000174c882f0 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk 000000007728a430 5 bytes JMP 0000000100060880 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077295140 5 bytes JMP 0000000174c8d350 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentDirectory_U 00000000772a5d20 5 bytes JMP 0000000174c66cc0 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentDirectory_U 00000000772a6050 5 bytes JMP 0000000174c66f30 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryElevationFlags 00000000772a6440 5 bytes JMP 0000000174c98220 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!LdrQueryImageFileExecutionOptions 00000000772a66e0 5 bytes JMP 0000000174c88470 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter 00000000772abe60 6 bytes [51, 48, B8, 00, 12, 06] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter + 8 00000000772abe68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForSingleObject + 8 00000000772abe78 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 00000000772abe90 6 bytes JMP 0000000174c5d910 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 00000000772abe98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba1e8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 8 00000000772abea8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b1b88} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000772abeb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletion + 8 00000000772abec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseSemaphore + 8 00000000772abed8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 8 00000000772abee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort + 8 00000000772abef8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1438} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772abf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent + 8 00000000772abf18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf418} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dea08} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 8 00000000772abf38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bee18} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationFile + 8 00000000772abf48 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db028} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000772abf58 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daba8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey + 8 00000000772abf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtFindAtom + 8 00000000772abf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultLocale + 8 00000000772abf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db448} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryKey + 8 00000000772abf98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da868} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey + 8 00000000772abfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 8 00000000772abfb8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1fc8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess + 8 00000000772abfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects32 + 8 00000000772abfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather + 8 00000000772abfe8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1f78} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000772abff8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9ee8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000772ac008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 8 00000000772ac018 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf6f8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 8 00000000772ac028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseMutant + 8 00000000772ac038 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec0c8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 00000000772ac048 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfcd8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 8 00000000772ac058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9deb38} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory + 8 00000000772ac068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772ac078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 8 00000000772ac088 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec948} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772ac098 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf8f8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772ac0a8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm 00000000772ac0c0 6 bytes [51, 48, B8, 60, 14, 06] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm + 8 00000000772ac0c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772ac0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 8 00000000772ac0e8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority 00000000772ac100 6 bytes [51, 48, B8, A0, 14, 06] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority + 8 00000000772ac108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter + 8 00000000772ac118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772ac128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772ac138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter + 8 00000000772ac148 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da228} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey + 8 00000000772ac158 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf448} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772ac168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution + 8 00000000772ac178 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba0d8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8 00000000772ac188 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2868} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformation + 8 00000000772ac198 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d25b8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000772ac1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimer + 8 00000000772ac1b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bc838} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 8 00000000772ac1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000772ac1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCloseObjectAuditAlarm + 8 00000000772ac1e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec8b8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000772ac1f8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 2 00000000772ac202 4 bytes {JMP 0xfffffffffd9bbb90} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772ac208 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent + 8 00000000772ac218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 8 00000000772ac228 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1b08} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000772ac238 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ebfb8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 00000000772ac248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateToken + 8 00000000772ac258 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage 00000000772ac270 6 bytes [51, 48, B8, 10, 16, 06] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage + 8 00000000772ac278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000772ac288 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom 00000000772ac2a0 6 bytes [51, 48, B8, 40, 16, 06] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom + 8 00000000772ac2a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d18b8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000772ac2b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bcbc8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVolumeInformationFile + 8 00000000772ac2c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d2238} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000772ac2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile + 8 00000000772ac2e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtApphelpCacheControl + 8 00000000772ac2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000772ac308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000772ac318 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtIsProcessInJob + 8 00000000772ac328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 00000000772ac338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySection + 8 00000000772ac348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8 00000000772ac358 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData 00000000772ac370 6 bytes [51, 48, B8, 10, 17, 06] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData + 8 00000000772ac378 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf278} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent + 8 00000000772ac398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteRequestData + 8 00000000772ac3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000772ac3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + 8 00000000772ac3c8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects 00000000772ac3e0 6 bytes [51, 48, B8, 80, 17, 06] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects + 8 00000000772ac3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationObject + 8 00000000772ac3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFile + 8 00000000772ac408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2318} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTraceEvent + 8 00000000772ac418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtPowerInformation + 8 00000000772ac428 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d88e8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000772ac438 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCancelTimer + 8 00000000772ac448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimer + 8 00000000772ac458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAcceptConnectPort + 8 00000000772ac468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheck + 8 00000000772ac478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType + 8 00000000772ac488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultList + 8 00000000772ac498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm + 8 00000000772ac4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 8 00000000772ac4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 8 00000000772ac4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAddDriverEntry + 8 00000000772ac4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustGroupsToken + 8 00000000772ac4e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlertResumeThread + 8 00000000772ac4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlertThread + 8 00000000772ac508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateLocallyUniqueId + 8 00000000772ac518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateReserveObject + 8 00000000772ac528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUserPhysicalPages + 8 00000000772ac538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUuids + 8 00000000772ac548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCancelMessage + 8 00000000772ac568 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0de8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0c68} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePortSection + 8 00000000772ac598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateResourceReserve + 8 00000000772ac5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSectionView + 8 00000000772ac5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSecurityContext + 8 00000000772ac5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeletePortSection + 8 00000000772ac5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteResourceReserve + 8 00000000772ac5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSectionView + 8 00000000772ac5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSecurityContext + 8 00000000772ac608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDisconnectPort + 8 00000000772ac618 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf118} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort + 8 00000000772ac628 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderProcess + 8 00000000772ac638 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderThread + 8 00000000772ac648 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedb8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformation + 8 00000000772ac658 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedd8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformationMessage + 8 00000000772ac668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcRevokeSecurityContext + 8 00000000772ac678 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf878} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSetInformation + 8 00000000772ac698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAreMappedFilesTheSame + 8 00000000772ac6a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2448} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 8 00000000772ac6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFileEx + 8 00000000772ac6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCancelSynchronousIoFile + 8 00000000772ac6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCommitComplete + 8 00000000772ac6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCommitEnlistment + 8 00000000772ac6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCommitTransaction + 8 00000000772ac708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCompactKeys + 8 00000000772ac718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCompareTokens + 8 00000000772ac728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCompleteConnectPort + 8 00000000772ac738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCompressKey + 8 00000000772ac748 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0538} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDebugObject + 8 00000000772ac768 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDirectoryObject + 8 00000000772ac778 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEnlistment + 8 00000000772ac788 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 8 00000000772ac798 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000772ac7a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2078} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobObject + 8 00000000772ac7b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobSet + 8 00000000772ac7c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyTransacted + 8 00000000772ac7d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000772ac7e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9388} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMailslotFile + 8 00000000772ac7f8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d16a8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000772ac808 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9528} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000772ac818 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePagingFile + 8 00000000772ac828 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000772ac832 4 bytes {JMP 0xfffffffffd9d0290} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 8 00000000772ac838 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePrivateNamespace + 8 00000000772ac848 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000772ac858 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfile + 8 00000000772ac868 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfileEx + 8 00000000772ac878 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateResourceManager + 8 00000000772ac888 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1938} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000772ac898 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 8 00000000772ac8a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000772ac8b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000772ac8c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateToken + 8 00000000772ac8d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransaction + 8 00000000772ac8e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransactionManager + 8 00000000772ac8f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 8 00000000772ac908 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort + 8 00000000772ac918 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWorkerFactory + 8 00000000772ac928 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 8 00000000772ac938 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDebugContinue + 8 00000000772ac948 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteAtom + 8 00000000772ac958 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 8 00000000772ac968 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteDriverEntry + 8 00000000772ac978 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bef58} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000772ac988 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daa68} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 00000000772ac998 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteObjectAuditAlarm + 8 00000000772ac9a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDeletePrivateNamespace + 8 00000000772ac9b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da8b8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 00000000772ac9c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDisableLastKnownGood + 8 00000000772ac9d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDisplayString + 8 00000000772ac9e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDrawText + 8 00000000772ac9f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtEnableLastKnownGood + 8 00000000772aca08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateBootEntries + 8 00000000772aca18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateDriverEntries + 8 00000000772aca28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + 8 00000000772aca38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateTransactionObject + 8 00000000772aca48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtExtendSection + 8 00000000772aca58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtFilterToken + 8 00000000772aca68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstallUILanguage + 8 00000000772aca78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstructionCache + 8 00000000772aca88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtFlushKey + 8 00000000772aca98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtFlushProcessWriteBuffers + 8 00000000772acaa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtFlushVirtualMemory + 8 00000000772acab8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtFlushWriteBuffer + 8 00000000772acac8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtFreeUserPhysicalPages + 8 00000000772acad8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeRegistry + 8 00000000772acae8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeTransactions + 8 00000000772acaf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 8 00000000772acb08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtGetCurrentProcessorNumber + 8 00000000772acb18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtGetDevicePowerState + 8 00000000772acb28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtGetMUIRegistryInfo + 8 00000000772acb38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 8 00000000772acb48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 8 00000000772acb58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtGetNlsSectionPtr + 8 00000000772acb68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtGetNotificationResourceManager + 8 00000000772acb78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtGetPlugPlayEvent + 8 00000000772acb88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtGetWriteWatch + 8 00000000772acb98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebc8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateAnonymousToken + 8 00000000772acba8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebf8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateThread + 8 00000000772acbb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeNlsFiles + 8 00000000772acbc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeRegistry + 8 00000000772acbd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtInitiatePowerAction + 8 00000000772acbe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtIsSystemResumeAutomatic + 8 00000000772acbf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtIsUILanguageComitted + 8 00000000772acc08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtListenPort + 8 00000000772acc18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dbc78} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000772acc28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d76a8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey + 8 00000000772acc38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey2 + 8 00000000772acc48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKeyEx + 8 00000000772acc58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtLockFile + 8 00000000772acc68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtLockProductActivationKeys + 8 00000000772acc78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtLockRegistryKey + 8 00000000772acc88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtLockVirtualMemory + 8 00000000772acc98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtMakePermanentObject + 8 00000000772acca8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject + 8 00000000772accb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtMapCMFModule + 8 00000000772accc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPages + 8 00000000772accd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 8 00000000772acce8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtModifyDriverEntry + 8 00000000772accf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeDirectoryFile + 8 00000000772acd08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d81b8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 8 00000000772acd18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 8 00000000772acd28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeSession + 8 00000000772acd38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEnlistment + 8 00000000772acd48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair + 8 00000000772acd58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000772acd68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenJobObject + 8 00000000772acd78 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9138} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000772acd88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransacted + 8 00000000772acd98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransactedEx + 8 00000000772acda8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000772acdb8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 2 00000000772acdc2 4 bytes {JMP 0xfffffffffd9d1290} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000772acdc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenObjectAuditAlarm + 8 00000000772acdd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenPrivateNamespace + 8 00000000772acde8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772acdf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager + 8 00000000772ace08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1588} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000772ace18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSession + 8 00000000772ace28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000772ace38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eb038} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772ace48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000772ace58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransaction + 8 00000000772ace68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransactionManager + 8 00000000772ace78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtPlugPlayControl + 8 00000000772ace88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareComplete + 8 00000000772ace98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareEnlistment + 8 00000000772acea8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareComplete + 8 00000000772aceb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareEnlistment + 8 00000000772acec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeCheck + 8 00000000772aced8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeObjectAuditAlarm + 8 00000000772acee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegedServiceAuditAlarm + 8 00000000772acef8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationComplete + 8 00000000772acf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationFailed + 8 00000000772acf18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtPulseEvent + 8 00000000772acf28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootEntryOrder + 8 00000000772acf38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootOptions + 8 00000000772acf48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDebugFilterState + 8 00000000772acf58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryObject + 8 00000000772acf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDriverEntryOrder + 8 00000000772acf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEaFile + 8 00000000772acf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bae58} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772acf98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom + 8 00000000772acfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationEnlistment + 8 00000000772acfb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationJobObject + 8 00000000772acfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationPort + 8 00000000772acfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationResourceManager + 8 00000000772acfe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransaction + 8 00000000772acff8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransactionManager + 8 00000000772ad008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationWorkerFactory + 8 00000000772ad018 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInstallUILanguage + 8 00000000772ad028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIntervalProfile + 8 00000000772ad038 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIoCompletion + 8 00000000772ad048 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue + 8 00000000772ad058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9c88} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 8 00000000772ad068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMutant + 8 00000000772ad078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeys + 8 00000000772ad088 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeysEx + 8 00000000772ad098 12 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 5 00000000772ad0a5 1 byte [06] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 8 00000000772ad0a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryQuotaInformationFile + 8 00000000772ad0b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityAttributesToken + 8 00000000772ad0c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eae18} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityObject + 8 00000000772ad0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySemaphore + 8 00000000772ad0e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySymbolicLinkObject + 8 00000000772ad0f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValue + 8 00000000772ad108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValueEx + 8 00000000772ad118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformationEx + 8 00000000772ad128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimerResolution + 8 00000000772ad138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 8 00000000772ad148 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000772ad160 6 bytes [51, 48, B8, 00, 25, 06] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000772ad168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReadOnlyEnlistment + 8 00000000772ad178 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverEnlistment + 8 00000000772ad188 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverResourceManager + 8 00000000772ad198 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverTransactionManager + 8 00000000772ad1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterProtocolAddressInformation + 8 00000000772ad1b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterThreadTerminatePort + 8 00000000772ad1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseKeyedEvent + 8 00000000772ad1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseWorkerFactoryWorker + 8 00000000772ad1e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletionEx + 8 00000000772ad1f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveProcessDebug + 8 00000000772ad208 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey + 8 00000000772ad218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRenameTransactionManager + 8 00000000772ad228 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReplaceKey + 8 00000000772ad238 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReplacePartitionUnit + 8 00000000772ad248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReplyPort + 8 00000000772ad258 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRequestPort + 8 00000000772ad268 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtResetEvent + 8 00000000772ad278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtResetWriteWatch + 8 00000000772ad288 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRestoreKey + 8 00000000772ad298 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess + 8 00000000772ad2a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackComplete + 8 00000000772ad2b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackEnlistment + 8 00000000772ad2c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackTransaction + 8 00000000772ad2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtRollforwardTransactionManager + 8 00000000772ad2e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f0068} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKey + 8 00000000772ad2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKeyEx + 8 00000000772ad308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSaveMergedKeys + 8 00000000772ad318 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfba8} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSerializeBoot + 8 00000000772ad338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 8 00000000772ad348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 8 00000000772ad358 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000772ad368 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetDebugFilterState + 8 00000000772ad378 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultHardErrorPort + 8 00000000772ad388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultLocale + 8 00000000772ad398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultUILanguage + 8 00000000772ad3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetDriverEntryOrder + 8 00000000772ad3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetEaFile + 8 00000000772ad3c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighEventPair + 8 00000000772ad3d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighWaitLowEventPair + 8 00000000772ad3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationDebugObject + 8 00000000772ad3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationEnlistment + 8 00000000772ad408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1728} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationJobObject + 8 00000000772ad418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationKey + 8 00000000772ad428 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationResourceManager + 8 00000000772ad438 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ead88} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationToken + 8 00000000772ad448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransaction + 8 00000000772ad458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransactionManager + 8 00000000772ad468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationWorkerFactory + 8 00000000772ad478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetIntervalProfile + 8 00000000772ad488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletion + 8 00000000772ad498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletionEx + 8 00000000772ad4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetLdtEntries + 8 00000000772ad4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowEventPair + 8 00000000772ad4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowWaitHighEventPair + 8 00000000772ad4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetQuotaInformationFile + 8 00000000772ad4e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eab18} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 8 00000000772ad4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValue + 8 00000000772ad508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValueEx + 8 00000000772ad518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000772ad528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 8 00000000772ad538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime + 8 00000000772ad548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetThreadExecutionState + 8 00000000772ad558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerEx + 8 00000000772ad568 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerResolution + 8 00000000772ad578 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetUuidSeed + 8 00000000772ad588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetVolumeInformationFile + 8 00000000772ad598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem + 8 00000000772ad5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownWorkerFactory + 8 00000000772ad5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSignalAndWaitForSingleObject + 8 00000000772ad5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSinglePhaseReject + 8 00000000772ad5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtStartProfile + 8 00000000772ad5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtStopProfile + 8 00000000772ad5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000772ad608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000772ad618 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000772ad628 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert 00000000772ad640 6 bytes [51, 48, B8, E0, 29, 06] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert + 8 00000000772ad648 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtThawRegistry + 8 00000000772ad658 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtThawTransactions + 8 00000000772ad668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTraceControl + 8 00000000772ad678 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTranslateFilePath + 8 00000000772ad688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtUmsThreadYield + 8 00000000772ad698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadDriver + 8 00000000772ad6a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey + 8 00000000772ad6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey2 + 8 00000000772ad6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKeyEx + 8 00000000772ad6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockFile + 8 00000000772ad6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockVirtualMemory + 8 00000000772ad6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000772ad708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForDebugEvent + 8 00000000772ad718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForKeyedEvent + 8 00000000772ad728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForWorkViaWorkerFactory + 8 00000000772ad738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWaitHighEventPair + 8 00000000772ad748 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 8 00000000772ad758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWorkerFactoryWorkerReady + 8 00000000772ad768 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!RtlGetFullPathName_UEx 00000000772b0cd0 5 bytes JMP 0000000174c671d0 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\kernel32.dll!CreateActCtxW 000000007705a180 5 bytes JMP 0000000174c9da80 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007705dae0 5 bytes JMP 0000000174c8e480 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\kernel32.dll!SetLocaleInfoA 00000000770af430 5 bytes JMP 0000000174c9e700 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\kernel32.dll!AllocConsole 00000000770c5c60 5 bytes JMP 0000000174c72120 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000770cf690 5 bytes JMP 0000000174c5e7e0 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\kernel32.dll!ReplaceFile 00000000770d4390 5 bytes JMP 0000000174c6b4e0 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\kernel32.dll!WinExec 00000000770db4b0 5 bytes JMP 0000000174c8d4e0 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\KERNELBASE.dll!OpenThreadToken 000007fefd171950 6 bytes {JMP QWORD [RIP-0x200516be]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\KERNELBASE.dll!SetThreadToken 000007fefd1784a0 6 bytes {JMP QWORD [RIP-0x20058246]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\KERNELBASE.dll!AccessCheckByType 000007fefd17caf0 6 bytes {JMP QWORD [RIP-0x2005c89e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\KERNELBASE.dll!CreateFileMappingW 000007fefd180b40 6 bytes {JMP QWORD [RIP-0x200608f6]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\KERNELBASE.dll!GetFinalPathNameByHandleW 000007fefd189100 6 bytes {JMP QWORD [RIP-0x200690fe]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\KERNELBASE.dll!GetTokenInformation 000007fefd18b150 6 bytes {JMP QWORD [RIP-0x2006aeee]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd1b0250 6 bytes {JMP QWORD [RIP-0x20090256]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fefd881bd0 6 bytes {JMP QWORD [RIP-0x20761946]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\WS2_32.dll!bind 000007fefd881f00 6 bytes {JMP QWORD [RIP-0x20761c96]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd8845c1 5 bytes {JMP QWORD [RIP-0x207645ae]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\WS2_32.dll!listen 000007fefd888290 6 bytes {JMP QWORD [RIP-0x2076801e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\WS2_32.dll!gethostbyname + 1 000007fefd888df1 5 bytes {JMP QWORD [RIP-0x20768b6e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\WS2_32.dll!gethostname 000007fefd88ae20 6 bytes {JMP QWORD [RIP-0x2076aba6]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\WS2_32.dll!WSANSPIoctl 000007fefd8a44c0 6 bytes {JMP QWORD [RIP-0x207844b6]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd8ae0f0 6 bytes {JMP QWORD [RIP-0x2078e0d6]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\RPCRT4.dll!RpcBindingInqAuthClientExW 000007feff094d80 4 bytes [FF, 25, A2, B2] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\RPCRT4.dll!RpcBindingInqAuthClientExW + 5 000007feff094d85 1 byte [DE] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesW 000007fefeae1460 6 bytes {JMP QWORD [RIP-0x219c1386]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CloseEventLog + 1 000007fefeae9271 5 bytes {JMP QWORD [RIP-0x219c920e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!QueryServiceStatusEx 000007fefeae9474 6 bytes {JMP QWORD [RIP-0x219c940a]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryW 000007fefeaeab20 6 bytes {JMP QWORD [RIP-0x219ca986]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExW 000007fefeaeeb20 6 bytes {JMP QWORD [RIP-0x219cea86]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!ReportEventW 000007fefeaf0050 6 bytes {JMP QWORD [RIP-0x219cfff6]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!LookupAccountNameW 000007fefeaf0b24 6 bytes {JMP QWORD [RIP-0x219d099a]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceW + 1 000007fefeaf6031 5 bytes {JMP QWORD [RIP-0x219d5fee]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!DeregisterEventSource 000007fefeafa5a0 6 bytes {JMP QWORD [RIP-0x219da556]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!RegQueryValueExW 000007fefeaff050 6 bytes {JMP QWORD [RIP-0x219dedae]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!RegOpenKeyExW 000007fefeb04db0 6 bytes {JMP QWORD [RIP-0x219e4b16]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb05548 6 bytes {JMP QWORD [RIP-0x219e5446]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameW 000007fefeb056a0 6 bytes {JMP QWORD [RIP-0x219e55e6]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameW 000007fefeb05770 6 bytes {JMP QWORD [RIP-0x219e56a6]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceA + 1 000007fefeb07461 5 bytes {JMP QWORD [RIP-0x219e7426]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!QueryServiceObjectSecurity 000007fefeb1b2dc 6 bytes {JMP QWORD [RIP-0x219fb1fa]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2W 000007fefeb1b310 6 bytes {JMP QWORD [RIP-0x219fb296]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2A 000007fefeb1b330 6 bytes {JMP QWORD [RIP-0x219fb2be]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeb1b77c 6 bytes {JMP QWORD [RIP-0x219fb682]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CreateRestrictedToken 000007fefeb1b7fc 6 bytes {JMP QWORD [RIP-0x219fb65a]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefeb1b8f0 3 bytes [FF, 25, 22] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW + 4 000007fefeb1b8f4 2 bytes [60, DE] .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefeb1b95c 6 bytes {JMP QWORD [RIP-0x219fb852]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CredRenameA 000007fefeb22d50 6 bytes {JMP QWORD [RIP-0x21a02bee]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!GetEffectiveRightsFromAclW 000007fefeb25b00 6 bytes {JMP QWORD [RIP-0x21a05956]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesA 000007fefeb2d170 6 bytes {JMP QWORD [RIP-0x21a0d09e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExA 000007fefeb2d2e0 6 bytes {JMP QWORD [RIP-0x21a0d24e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusA 000007fefeb2d4e0 6 bytes {JMP QWORD [RIP-0x21a0d45e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusW 000007fefeb2d8e0 6 bytes {JMP QWORD [RIP-0x21a0d856]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!UnlockServiceDatabase 000007fefeb2d930 6 bytes {JMP QWORD [RIP-0x21a0d83e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusW 000007fefeb2d9a0 6 bytes {JMP QWORD [RIP-0x21a0d8f6]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusA 000007fefeb2dab0 6 bytes {JMP QWORD [RIP-0x21a0da0e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!LockServiceDatabase 000007fefeb2dbc0 6 bytes {JMP QWORD [RIP-0x21a0dad6]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameA 000007fefeb2dc40 6 bytes {JMP QWORD [RIP-0x21a0db8e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameA 000007fefeb2dcd0 6 bytes {JMP QWORD [RIP-0x21a0dc0e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CredDeleteW 000007fefeb40910 6 bytes {JMP QWORD [RIP-0x21a2079e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CredDeleteA 000007fefeb409d0 6 bytes {JMP QWORD [RIP-0x21a20866]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!ReportEventA 000007fefeb41cc0 6 bytes {JMP QWORD [RIP-0x21a21c6e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryA 000007fefeb4c860 6 bytes {JMP QWORD [RIP-0x21a2c6ce]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsW 000007fefeb4d820 6 bytes {JMP QWORD [RIP-0x21a2d6c6]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsA 000007fefeb4d950 6 bytes {JMP QWORD [RIP-0x21a2d7fe]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsW 000007fefeb4da80 6 bytes {JMP QWORD [RIP-0x21a2d936]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsA 000007fefeb4db60 6 bytes {JMP QWORD [RIP-0x21a2da1e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CredEnumerateW 000007fefeb4dc60 6 bytes {JMP QWORD [RIP-0x21a2dade]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CredEnumerateA 000007fefeb4dd90 6 bytes {JMP QWORD [RIP-0x21a2dc16]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CredReadW 000007fefeb4dec0 6 bytes {JMP QWORD [RIP-0x21a2dd86]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CredReadA 000007fefeb4dfd0 6 bytes {JMP QWORD [RIP-0x21a2de9e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CredWriteW 000007fefeb4e0e0 6 bytes {JMP QWORD [RIP-0x21a2dfb6]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CredWriteA 000007fefeb4e190 6 bytes {JMP QWORD [RIP-0x21a2e06e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithTokenW 000007fefeb50c80 6 bytes {JMP QWORD [RIP-0x21a30b66]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefebc642c 5 bytes JMP 000007fffeb055e8 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebc6484 5 bytes JMP 000007fffeaee870 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefebc6518 5 bytes JMP 000007fffeafae24 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerW 000007fefebc659c 5 bytes JMP 000007fffeaee858 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatus 000007fefebc6730 5 bytes JMP 000007fffeaf61ac .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatusEx 000007fefebc6784 5 bytes JMP 000007fffeae9474 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!StartServiceW 000007fefebc6824 5 bytes JMP 000007fffeae9460 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus 000007fefebc687c 5 bytes JMP 000007fffeae8e94 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerA 000007fefebc6aa4 5 bytes JMP 000007fffeafa380 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebc6c34 5 bytes JMP 000007fffeafa36c .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!StartServiceA 000007fefebc6d00 5 bytes JMP 000007fffeb1b240 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!QueryServiceObjectSecurity 000007fefebc6d58 5 bytes JMP 000007fffeb1b2dc .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefebc6e00 5 bytes JMP 000007fffeb1b24c .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefebc6f2c 5 bytes JMP 000007fffeb1b95c .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefebc7220 5 bytes JMP 000007fffeb1b8f0 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefebc739c 5 bytes JMP 000007fffeb1b9d4 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefebc7538 5 bytes JMP 000007fffeb1b9c8 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefebc75e8 5 bytes JMP 000007fffeb1b77c .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefebc790c 5 bytes JMP 000007fffeb05548 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefebc7ab4 5 bytes JMP 000007fffeb055d4 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigA 000007fefebc7b04 5 bytes JMP 000007fffeb1b2fc .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigW 000007fefebc7c34 5 bytes JMP 000007fffeaeecac .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2A 000007fefebc7d78 5 bytes JMP 000007fffeb1b330 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2W 000007fefebc8244 5 bytes JMP 000007fffeb1b310 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA 000007fefebc99e4 5 bytes JMP 000007fffeb1b234 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW 000007fefebc9ac8 5 bytes JMP 000007fffeae6e4c .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW 000007fefebca51c 5 bytes JMP 000007fffeae2c1c .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA 000007fefebca530 5 bytes JMP 000007fffeb1b2d0 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW 000007fefebca5b0 5 bytes JMP 000007fffeae8e60 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA 000007fefebca5c4 5 bytes JMP 000007fffeb1b2c4 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange 000007fefebcbb28 5 bytes JMP 000007fffeaeda10 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA 000007fefebcbb3c 5 bytes JMP 000007fffeb07440 .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExW 000007fefea28724 6 bytes {JMP QWORD [RIP-0x21908542]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\GDI32.dll!GdiAddFontResourceW 000007fefea2a074 6 bytes {JMP QWORD [RIP-0x21909eba]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\GDI32.dll!GdiDllInitialize 000007fefea2ae78 6 bytes {JMP QWORD [RIP-0x2190acc6]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\GDI32.dll!RemoveFontResourceExW 000007fefea34784 6 bytes {JMP QWORD [RIP-0x219145c2]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\GDI32.dll!GetFontResourceInfoW + 1 000007fefea34845 5 bytes {JMP QWORD [RIP-0x2191467a]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExA 000007fefea491f0 6 bytes {JMP QWORD [RIP-0x21929016]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\GDI32.dll!CreateScalableFontResourceW + 1 000007fefea49f4d 5 bytes {JMP QWORD [RIP-0x21929d7a]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\IMM32.DLL!ImmAssociateContext 000007fefeab1750 6 bytes {JMP QWORD [RIP-0x21991566]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\IMM32.DLL!ImmAssociateContextEx 000007fefeab8240 6 bytes {JMP QWORD [RIP-0x2199804e]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\sxs.dll!SxsInstallW 000007fefcebebe0 6 bytes {JMP QWORD [RIP-0x1fd9e9e6]} .text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2324] C:\Windows\system32\SSPICLI.DLL!LsaRegisterLogonProcess + 1 000007fefcdc9211 5 bytes {JMP QWORD [RIP-0x1fca8f66]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlAdjustPrivilege 000000007726a0c0 6 bytes {JMP QWORD [RIP-0x80a0c6]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772822f0 5 bytes JMP 0000000174c883b0 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077286290 5 bytes JMP 0000000174c882f0 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk 000000007728a430 5 bytes JMP 0000000100030880 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077295140 5 bytes JMP 0000000174c8d350 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentDirectory_U 00000000772a5d20 5 bytes JMP 0000000174c66cc0 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentDirectory_U 00000000772a6050 5 bytes JMP 0000000174c66f30 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!LdrQueryImageFileExecutionOptions 00000000772a66e0 5 bytes JMP 0000000174c88470 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter 00000000772abe60 6 bytes [51, 48, B8, 00, 12, 03] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter + 8 00000000772abe68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForSingleObject + 8 00000000772abe78 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 00000000772abe90 6 bytes JMP 0000000174c5d910 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 00000000772abe98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba1e8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 8 00000000772abea8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b1b88} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000772abeb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletion + 8 00000000772abec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseSemaphore + 8 00000000772abed8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 8 00000000772abee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort + 8 00000000772abef8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1438} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772abf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent + 8 00000000772abf18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf418} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dea08} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 8 00000000772abf38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bee18} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationFile + 8 00000000772abf48 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db028} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000772abf58 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daba8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey + 8 00000000772abf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtFindAtom + 8 00000000772abf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultLocale + 8 00000000772abf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db448} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryKey + 8 00000000772abf98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da868} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey + 8 00000000772abfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 8 00000000772abfb8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1fc8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess + 8 00000000772abfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects32 + 8 00000000772abfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather + 8 00000000772abfe8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1f78} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000772abff8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9ee8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000772ac008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 8 00000000772ac018 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf6f8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 8 00000000772ac028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseMutant + 8 00000000772ac038 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec0c8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 00000000772ac048 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfcd8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 8 00000000772ac058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9deb38} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory + 8 00000000772ac068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772ac078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 8 00000000772ac088 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec948} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772ac098 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf8f8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772ac0a8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm 00000000772ac0c0 6 bytes [51, 48, B8, 60, 14, 03] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm + 8 00000000772ac0c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772ac0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 8 00000000772ac0e8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority 00000000772ac100 6 bytes [51, 48, B8, A0, 14, 03] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority + 8 00000000772ac108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter + 8 00000000772ac118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772ac128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772ac138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter + 8 00000000772ac148 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da228} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey + 8 00000000772ac158 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf448} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772ac168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution + 8 00000000772ac178 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba0d8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8 00000000772ac188 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2868} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformation + 8 00000000772ac198 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d25b8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000772ac1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimer + 8 00000000772ac1b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bc838} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 8 00000000772ac1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000772ac1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCloseObjectAuditAlarm + 8 00000000772ac1e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec8b8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000772ac1f8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 2 00000000772ac202 4 bytes {JMP 0xfffffffffd9bbb90} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772ac208 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent + 8 00000000772ac218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 8 00000000772ac228 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1b08} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000772ac238 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ebfb8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 00000000772ac248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateToken + 8 00000000772ac258 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage 00000000772ac270 6 bytes [51, 48, B8, 10, 16, 03] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage + 8 00000000772ac278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000772ac288 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom 00000000772ac2a0 6 bytes [51, 48, B8, 40, 16, 03] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom + 8 00000000772ac2a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d18b8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000772ac2b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bcbc8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVolumeInformationFile + 8 00000000772ac2c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d2238} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000772ac2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile + 8 00000000772ac2e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtApphelpCacheControl + 8 00000000772ac2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000772ac308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000772ac318 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtIsProcessInJob + 8 00000000772ac328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 00000000772ac338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySection + 8 00000000772ac348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8 00000000772ac358 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData 00000000772ac370 6 bytes [51, 48, B8, 10, 17, 03] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData + 8 00000000772ac378 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf278} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent + 8 00000000772ac398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteRequestData + 8 00000000772ac3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000772ac3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + 8 00000000772ac3c8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects 00000000772ac3e0 6 bytes [51, 48, B8, 80, 17, 03] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects + 8 00000000772ac3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationObject + 8 00000000772ac3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFile + 8 00000000772ac408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2318} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtTraceEvent + 8 00000000772ac418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtPowerInformation + 8 00000000772ac428 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d88e8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000772ac438 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCancelTimer + 8 00000000772ac448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimer + 8 00000000772ac458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAcceptConnectPort + 8 00000000772ac468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheck + 8 00000000772ac478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType + 8 00000000772ac488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultList + 8 00000000772ac498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm + 8 00000000772ac4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 8 00000000772ac4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 8 00000000772ac4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAddDriverEntry + 8 00000000772ac4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustGroupsToken + 8 00000000772ac4e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlertResumeThread + 8 00000000772ac4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlertThread + 8 00000000772ac508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateLocallyUniqueId + 8 00000000772ac518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateReserveObject + 8 00000000772ac528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUserPhysicalPages + 8 00000000772ac538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUuids + 8 00000000772ac548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCancelMessage + 8 00000000772ac568 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0de8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0c68} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePortSection + 8 00000000772ac598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateResourceReserve + 8 00000000772ac5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSectionView + 8 00000000772ac5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSecurityContext + 8 00000000772ac5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeletePortSection + 8 00000000772ac5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteResourceReserve + 8 00000000772ac5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSectionView + 8 00000000772ac5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSecurityContext + 8 00000000772ac608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDisconnectPort + 8 00000000772ac618 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf118} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort + 8 00000000772ac628 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderProcess + 8 00000000772ac638 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderThread + 8 00000000772ac648 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedb8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformation + 8 00000000772ac658 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedd8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformationMessage + 8 00000000772ac668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcRevokeSecurityContext + 8 00000000772ac678 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf878} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSetInformation + 8 00000000772ac698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAreMappedFilesTheSame + 8 00000000772ac6a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2448} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 8 00000000772ac6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFileEx + 8 00000000772ac6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCancelSynchronousIoFile + 8 00000000772ac6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCommitComplete + 8 00000000772ac6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCommitEnlistment + 8 00000000772ac6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCommitTransaction + 8 00000000772ac708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCompactKeys + 8 00000000772ac718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCompareTokens + 8 00000000772ac728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCompleteConnectPort + 8 00000000772ac738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCompressKey + 8 00000000772ac748 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0538} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDebugObject + 8 00000000772ac768 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDirectoryObject + 8 00000000772ac778 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEnlistment + 8 00000000772ac788 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 8 00000000772ac798 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000772ac7a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2078} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobObject + 8 00000000772ac7b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobSet + 8 00000000772ac7c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyTransacted + 8 00000000772ac7d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000772ac7e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9388} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMailslotFile + 8 00000000772ac7f8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d16a8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000772ac808 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9528} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000772ac818 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePagingFile + 8 00000000772ac828 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000772ac832 4 bytes {JMP 0xfffffffffd9d0290} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 8 00000000772ac838 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePrivateNamespace + 8 00000000772ac848 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000772ac858 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfile + 8 00000000772ac868 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfileEx + 8 00000000772ac878 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateResourceManager + 8 00000000772ac888 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1938} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000772ac898 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 8 00000000772ac8a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000772ac8b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000772ac8c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateToken + 8 00000000772ac8d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransaction + 8 00000000772ac8e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransactionManager + 8 00000000772ac8f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 8 00000000772ac908 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort + 8 00000000772ac918 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWorkerFactory + 8 00000000772ac928 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 8 00000000772ac938 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugContinue + 8 00000000772ac948 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteAtom + 8 00000000772ac958 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 8 00000000772ac968 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteDriverEntry + 8 00000000772ac978 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bef58} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000772ac988 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daa68} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 00000000772ac998 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteObjectAuditAlarm + 8 00000000772ac9a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDeletePrivateNamespace + 8 00000000772ac9b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da8b8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 00000000772ac9c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDisableLastKnownGood + 8 00000000772ac9d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDisplayString + 8 00000000772ac9e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDrawText + 8 00000000772ac9f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtEnableLastKnownGood + 8 00000000772aca08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateBootEntries + 8 00000000772aca18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateDriverEntries + 8 00000000772aca28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + 8 00000000772aca38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateTransactionObject + 8 00000000772aca48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtExtendSection + 8 00000000772aca58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtFilterToken + 8 00000000772aca68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstallUILanguage + 8 00000000772aca78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstructionCache + 8 00000000772aca88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtFlushKey + 8 00000000772aca98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtFlushProcessWriteBuffers + 8 00000000772acaa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtFlushVirtualMemory + 8 00000000772acab8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtFlushWriteBuffer + 8 00000000772acac8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtFreeUserPhysicalPages + 8 00000000772acad8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeRegistry + 8 00000000772acae8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeTransactions + 8 00000000772acaf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 8 00000000772acb08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtGetCurrentProcessorNumber + 8 00000000772acb18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtGetDevicePowerState + 8 00000000772acb28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtGetMUIRegistryInfo + 8 00000000772acb38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 8 00000000772acb48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 8 00000000772acb58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtGetNlsSectionPtr + 8 00000000772acb68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtGetNotificationResourceManager + 8 00000000772acb78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtGetPlugPlayEvent + 8 00000000772acb88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtGetWriteWatch + 8 00000000772acb98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebc8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateAnonymousToken + 8 00000000772acba8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebf8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateThread + 8 00000000772acbb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeNlsFiles + 8 00000000772acbc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeRegistry + 8 00000000772acbd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtInitiatePowerAction + 8 00000000772acbe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtIsSystemResumeAutomatic + 8 00000000772acbf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtIsUILanguageComitted + 8 00000000772acc08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtListenPort + 8 00000000772acc18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dbc78} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000772acc28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d76a8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey + 8 00000000772acc38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey2 + 8 00000000772acc48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKeyEx + 8 00000000772acc58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtLockFile + 8 00000000772acc68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtLockProductActivationKeys + 8 00000000772acc78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtLockRegistryKey + 8 00000000772acc88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtLockVirtualMemory + 8 00000000772acc98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtMakePermanentObject + 8 00000000772acca8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject + 8 00000000772accb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtMapCMFModule + 8 00000000772accc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPages + 8 00000000772accd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 8 00000000772acce8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyDriverEntry + 8 00000000772accf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeDirectoryFile + 8 00000000772acd08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d81b8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 8 00000000772acd18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 8 00000000772acd28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeSession + 8 00000000772acd38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEnlistment + 8 00000000772acd48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair + 8 00000000772acd58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000772acd68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenJobObject + 8 00000000772acd78 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9138} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000772acd88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransacted + 8 00000000772acd98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransactedEx + 8 00000000772acda8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000772acdb8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 2 00000000772acdc2 4 bytes {JMP 0xfffffffffd9d1290} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000772acdc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenObjectAuditAlarm + 8 00000000772acdd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenPrivateNamespace + 8 00000000772acde8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772acdf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager + 8 00000000772ace08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1588} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000772ace18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSession + 8 00000000772ace28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000772ace38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eb038} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772ace48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000772ace58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransaction + 8 00000000772ace68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransactionManager + 8 00000000772ace78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtPlugPlayControl + 8 00000000772ace88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareComplete + 8 00000000772ace98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareEnlistment + 8 00000000772acea8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareComplete + 8 00000000772aceb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareEnlistment + 8 00000000772acec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeCheck + 8 00000000772aced8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeObjectAuditAlarm + 8 00000000772acee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegedServiceAuditAlarm + 8 00000000772acef8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationComplete + 8 00000000772acf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationFailed + 8 00000000772acf18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtPulseEvent + 8 00000000772acf28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootEntryOrder + 8 00000000772acf38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootOptions + 8 00000000772acf48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDebugFilterState + 8 00000000772acf58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryObject + 8 00000000772acf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDriverEntryOrder + 8 00000000772acf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEaFile + 8 00000000772acf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bae58} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772acf98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom + 8 00000000772acfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationEnlistment + 8 00000000772acfb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationJobObject + 8 00000000772acfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationPort + 8 00000000772acfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationResourceManager + 8 00000000772acfe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransaction + 8 00000000772acff8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransactionManager + 8 00000000772ad008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationWorkerFactory + 8 00000000772ad018 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInstallUILanguage + 8 00000000772ad028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIntervalProfile + 8 00000000772ad038 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIoCompletion + 8 00000000772ad048 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue + 8 00000000772ad058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9c88} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 8 00000000772ad068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMutant + 8 00000000772ad078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeys + 8 00000000772ad088 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeysEx + 8 00000000772ad098 12 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 5 00000000772ad0a5 1 byte [03] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 8 00000000772ad0a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryQuotaInformationFile + 8 00000000772ad0b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityAttributesToken + 8 00000000772ad0c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eae18} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityObject + 8 00000000772ad0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySemaphore + 8 00000000772ad0e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySymbolicLinkObject + 8 00000000772ad0f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValue + 8 00000000772ad108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValueEx + 8 00000000772ad118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformationEx + 8 00000000772ad128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimerResolution + 8 00000000772ad138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 8 00000000772ad148 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000772ad160 6 bytes [51, 48, B8, 00, 25, 03] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000772ad168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReadOnlyEnlistment + 8 00000000772ad178 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverEnlistment + 8 00000000772ad188 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverResourceManager + 8 00000000772ad198 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverTransactionManager + 8 00000000772ad1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterProtocolAddressInformation + 8 00000000772ad1b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterThreadTerminatePort + 8 00000000772ad1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseKeyedEvent + 8 00000000772ad1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseWorkerFactoryWorker + 8 00000000772ad1e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletionEx + 8 00000000772ad1f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveProcessDebug + 8 00000000772ad208 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey + 8 00000000772ad218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRenameTransactionManager + 8 00000000772ad228 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReplaceKey + 8 00000000772ad238 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReplacePartitionUnit + 8 00000000772ad248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReplyPort + 8 00000000772ad258 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRequestPort + 8 00000000772ad268 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtResetEvent + 8 00000000772ad278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtResetWriteWatch + 8 00000000772ad288 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRestoreKey + 8 00000000772ad298 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess + 8 00000000772ad2a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackComplete + 8 00000000772ad2b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackEnlistment + 8 00000000772ad2c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackTransaction + 8 00000000772ad2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRollforwardTransactionManager + 8 00000000772ad2e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f0068} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKey + 8 00000000772ad2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKeyEx + 8 00000000772ad308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSaveMergedKeys + 8 00000000772ad318 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfba8} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSerializeBoot + 8 00000000772ad338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 8 00000000772ad348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 8 00000000772ad358 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000772ad368 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetDebugFilterState + 8 00000000772ad378 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultHardErrorPort + 8 00000000772ad388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultLocale + 8 00000000772ad398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultUILanguage + 8 00000000772ad3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetDriverEntryOrder + 8 00000000772ad3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetEaFile + 8 00000000772ad3c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighEventPair + 8 00000000772ad3d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighWaitLowEventPair + 8 00000000772ad3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationDebugObject + 8 00000000772ad3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationEnlistment + 8 00000000772ad408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1728} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationJobObject + 8 00000000772ad418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationKey + 8 00000000772ad428 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationResourceManager + 8 00000000772ad438 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ead88} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationToken + 8 00000000772ad448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransaction + 8 00000000772ad458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransactionManager + 8 00000000772ad468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationWorkerFactory + 8 00000000772ad478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetIntervalProfile + 8 00000000772ad488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletion + 8 00000000772ad498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletionEx + 8 00000000772ad4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetLdtEntries + 8 00000000772ad4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowEventPair + 8 00000000772ad4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowWaitHighEventPair + 8 00000000772ad4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetQuotaInformationFile + 8 00000000772ad4e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eab18} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 8 00000000772ad4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValue + 8 00000000772ad508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValueEx + 8 00000000772ad518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000772ad528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 8 00000000772ad538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime + 8 00000000772ad548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetThreadExecutionState + 8 00000000772ad558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerEx + 8 00000000772ad568 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerResolution + 8 00000000772ad578 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetUuidSeed + 8 00000000772ad588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetVolumeInformationFile + 8 00000000772ad598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem + 8 00000000772ad5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownWorkerFactory + 8 00000000772ad5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSignalAndWaitForSingleObject + 8 00000000772ad5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSinglePhaseReject + 8 00000000772ad5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtStartProfile + 8 00000000772ad5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtStopProfile + 8 00000000772ad5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000772ad608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000772ad618 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000772ad628 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert 00000000772ad640 6 bytes [51, 48, B8, E0, 29, 03] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert + 8 00000000772ad648 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtThawRegistry + 8 00000000772ad658 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtThawTransactions + 8 00000000772ad668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtTraceControl + 8 00000000772ad678 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtTranslateFilePath + 8 00000000772ad688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtUmsThreadYield + 8 00000000772ad698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadDriver + 8 00000000772ad6a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey + 8 00000000772ad6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey2 + 8 00000000772ad6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKeyEx + 8 00000000772ad6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockFile + 8 00000000772ad6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockVirtualMemory + 8 00000000772ad6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000772ad708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForDebugEvent + 8 00000000772ad718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForKeyedEvent + 8 00000000772ad728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForWorkViaWorkerFactory + 8 00000000772ad738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWaitHighEventPair + 8 00000000772ad748 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 8 00000000772ad758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWorkerFactoryWorkerReady + 8 00000000772ad768 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlGetFullPathName_UEx 00000000772b0cd0 5 bytes JMP 0000000174c671d0 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\KERNELBASE.dll!SetThreadToken 000007fefd1784a0 6 bytes {JMP QWORD [RIP-0x200582ae]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\KERNELBASE.dll!AccessCheckByType 000007fefd17caf0 6 bytes {JMP QWORD [RIP-0x2005c906]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\KERNELBASE.dll!CreateFileMappingW 000007fefd180b40 6 bytes {JMP QWORD [RIP-0x2006095e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\KERNELBASE.dll!GetFinalPathNameByHandleW 000007fefd189100 6 bytes {JMP QWORD [RIP-0x200690fe]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\KERNELBASE.dll!GetTokenInformation 000007fefd18b150 6 bytes {JMP QWORD [RIP-0x2006af56]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd1b0250 6 bytes {JMP QWORD [RIP-0x20090256]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesW 000007fefeae1460 6 bytes {JMP QWORD [RIP-0x219c13b6]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CloseEventLog + 1 000007fefeae9271 5 bytes {JMP QWORD [RIP-0x219c923e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!QueryServiceStatusEx 000007fefeae9474 6 bytes {JMP QWORD [RIP-0x219c943a]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryW 000007fefeaeab20 6 bytes {JMP QWORD [RIP-0x219ca9b6]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExW 000007fefeaeeb20 6 bytes {JMP QWORD [RIP-0x219ceab6]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!ReportEventW 000007fefeaf0050 6 bytes {JMP QWORD [RIP-0x219d0026]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!LookupAccountNameW 000007fefeaf0b24 6 bytes {JMP QWORD [RIP-0x219d09ca]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceW + 1 000007fefeaf6031 5 bytes {JMP QWORD [RIP-0x219d601e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!DeregisterEventSource 000007fefeafa5a0 6 bytes {JMP QWORD [RIP-0x219da586]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb05548 6 bytes {JMP QWORD [RIP-0x219e5476]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameW 000007fefeb056a0 6 bytes {JMP QWORD [RIP-0x219e5616]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameW 000007fefeb05770 6 bytes {JMP QWORD [RIP-0x219e56d6]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceA + 1 000007fefeb07461 5 bytes {JMP QWORD [RIP-0x219e7456]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!QueryServiceObjectSecurity 000007fefeb1b2dc 6 bytes {JMP QWORD [RIP-0x219fb22a]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2W 000007fefeb1b310 6 bytes {JMP QWORD [RIP-0x219fb2c6]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2A 000007fefeb1b330 6 bytes {JMP QWORD [RIP-0x219fb2ee]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeb1b77c 6 bytes {JMP QWORD [RIP-0x219fb6b2]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CreateRestrictedToken 000007fefeb1b7fc 6 bytes {JMP QWORD [RIP-0x219fb68a]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefeb1b8f0 6 bytes {JMP QWORD [RIP-0x219fb80e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefeb1b95c 6 bytes {JMP QWORD [RIP-0x219fb882]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CredRenameA 000007fefeb22d50 6 bytes {JMP QWORD [RIP-0x21a02c1e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!GetEffectiveRightsFromAclW 000007fefeb25b00 6 bytes {JMP QWORD [RIP-0x21a05986]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesA 000007fefeb2d170 6 bytes {JMP QWORD [RIP-0x21a0d0ce]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExA 000007fefeb2d2e0 6 bytes {JMP QWORD [RIP-0x21a0d27e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusA 000007fefeb2d4e0 6 bytes {JMP QWORD [RIP-0x21a0d48e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusW 000007fefeb2d8e0 6 bytes {JMP QWORD [RIP-0x21a0d886]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!UnlockServiceDatabase 000007fefeb2d930 6 bytes {JMP QWORD [RIP-0x21a0d86e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusW 000007fefeb2d9a0 6 bytes {JMP QWORD [RIP-0x21a0d926]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusA 000007fefeb2dab0 6 bytes {JMP QWORD [RIP-0x21a0da3e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!LockServiceDatabase 000007fefeb2dbc0 6 bytes {JMP QWORD [RIP-0x21a0db06]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameA 000007fefeb2dc40 6 bytes {JMP QWORD [RIP-0x21a0dbbe]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameA 000007fefeb2dcd0 6 bytes {JMP QWORD [RIP-0x21a0dc3e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CredDeleteW 000007fefeb40910 6 bytes {JMP QWORD [RIP-0x21a207ce]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CredDeleteA 000007fefeb409d0 6 bytes {JMP QWORD [RIP-0x21a20896]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!ReportEventA 000007fefeb41cc0 6 bytes {JMP QWORD [RIP-0x21a21c9e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryA 000007fefeb4c860 6 bytes {JMP QWORD [RIP-0x21a2c6fe]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsW 000007fefeb4d820 6 bytes {JMP QWORD [RIP-0x21a2d6f6]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsA 000007fefeb4d950 6 bytes {JMP QWORD [RIP-0x21a2d82e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsW 000007fefeb4da80 6 bytes {JMP QWORD [RIP-0x21a2d966]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsA 000007fefeb4db60 6 bytes {JMP QWORD [RIP-0x21a2da4e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CredEnumerateW 000007fefeb4dc60 6 bytes {JMP QWORD [RIP-0x21a2db0e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CredEnumerateA 000007fefeb4dd90 6 bytes {JMP QWORD [RIP-0x21a2dc46]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CredReadW 000007fefeb4dec0 6 bytes {JMP QWORD [RIP-0x21a2ddb6]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CredReadA 000007fefeb4dfd0 6 bytes {JMP QWORD [RIP-0x21a2dece]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CredWriteW 000007fefeb4e0e0 6 bytes {JMP QWORD [RIP-0x21a2dfe6]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CredWriteA 000007fefeb4e190 6 bytes {JMP QWORD [RIP-0x21a2e09e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithTokenW 000007fefeb50c80 6 bytes {JMP QWORD [RIP-0x21a30b96]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefebc642c 5 bytes JMP 000007fffeb055e8 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebc6484 5 bytes JMP 000007fffeaee870 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefebc6518 5 bytes JMP 000007fffeafae24 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerW 000007fefebc659c 5 bytes JMP 000007fffeaee858 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatus 000007fefebc6730 5 bytes JMP 000007fffeaf61ac .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatusEx 000007fefebc6784 5 bytes JMP 000007fffeae9474 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!StartServiceW 000007fefebc6824 5 bytes JMP 000007fffeae9460 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus 000007fefebc687c 5 bytes JMP 000007fffeae8e94 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerA 000007fefebc6aa4 5 bytes JMP 000007fffeafa380 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebc6c34 5 bytes JMP 000007fffeafa36c .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!StartServiceA 000007fefebc6d00 5 bytes JMP 000007fffeb1b240 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!QueryServiceObjectSecurity 000007fefebc6d58 5 bytes JMP 000007fffeb1b2dc .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefebc6e00 5 bytes JMP 000007fffeb1b24c .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefebc6f2c 5 bytes JMP 000007fffeb1b95c .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefebc7220 5 bytes JMP 000007fffeb1b8f0 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefebc739c 5 bytes JMP 000007fffeb1b9d4 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefebc7538 5 bytes JMP 000007fffeb1b9c8 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefebc75e8 5 bytes JMP 000007fffeb1b77c .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefebc790c 5 bytes JMP 000007fffeb05548 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefebc7ab4 5 bytes JMP 000007fffeb055d4 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigA 000007fefebc7b04 5 bytes JMP 000007fffeb1b2fc .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigW 000007fefebc7c34 5 bytes JMP 000007fffeaeecac .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2A 000007fefebc7d78 5 bytes JMP 000007fffeb1b330 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2W 000007fefebc8244 5 bytes JMP 000007fffeb1b310 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA 000007fefebc99e4 5 bytes JMP 000007fffeb1b234 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW 000007fefebc9ac8 5 bytes JMP 000007fffeae6e4c .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW 000007fefebca51c 5 bytes JMP 000007fffeae2c1c .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA 000007fefebca530 5 bytes JMP 000007fffeb1b2d0 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW 000007fefebca5b0 5 bytes JMP 000007fffeae8e60 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA 000007fefebca5c4 5 bytes JMP 000007fffeb1b2c4 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange 000007fefebcbb28 5 bytes JMP 000007fffeaeda10 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA 000007fefebcbb3c 5 bytes JMP 000007fffeb07440 .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\RPCRT4.dll!RpcBindingInqAuthClientExW 000007feff094d80 4 bytes [FF, 25, 02, B4] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\RPCRT4.dll!RpcBindingInqAuthClientExW + 5 000007feff094d85 1 byte [DE] .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExW 000007fefea28724 6 bytes {JMP QWORD [RIP-0x2190855a]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\GDI32.dll!GdiAddFontResourceW 000007fefea2a074 6 bytes {JMP QWORD [RIP-0x21909ed2]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\GDI32.dll!GdiDllInitialize 000007fefea2ae78 6 bytes {JMP QWORD [RIP-0x2190acde]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\GDI32.dll!RemoveFontResourceExW 000007fefea34784 6 bytes {JMP QWORD [RIP-0x219145da]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\GDI32.dll!GetFontResourceInfoW + 1 000007fefea34845 5 bytes {JMP QWORD [RIP-0x21914692]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExA 000007fefea491f0 6 bytes {JMP QWORD [RIP-0x2192902e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\GDI32.dll!CreateScalableFontResourceW + 1 000007fefea49f4d 5 bytes {JMP QWORD [RIP-0x21929d92]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\IMM32.DLL!ImmAssociateContext 000007fefeab1750 6 bytes {JMP QWORD [RIP-0x2199157e]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\IMM32.DLL!ImmAssociateContextEx 000007fefeab8240 6 bytes {JMP QWORD [RIP-0x21998066]} .text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[3652] C:\Windows\system32\SspiCli.dll!LsaRegisterLogonProcess + 1 000007fefcdc9211 5 bytes {JMP QWORD [RIP-0x1fca900e]} .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 00000000772822f1 12 bytes [B8, 88, 74, 06, 00, 00, 00, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077286291 11 bytes [B8, 98, 73, 06, 00, 00, 00, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000772abf20 5 bytes [48, B8, A4, 2A, 06] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772ac380 5 bytes [48, B8, 9C, 24, 06] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 00000000772ac550 5 bytes [48, B8, 54, 29, 06] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000772ac570 5 bytes [48, B8, AC, 22, 06] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ac680 5 bytes [48, B8, 3C, 2B, 06] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000772ac750 5 bytes [48, B8, 0C, 24, 06] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 00000000772ad320 6 bytes [48, B8, 68, 23, 06, 00] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefebedcb1 14 bytes [B8, FC, 93, 06, 00, 00, 00, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec07210 8 bytes [48, B8, 6C, 93, 06, 00, 00, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\system32\ole32.dll!CoCreateInstance + 10 000007fefec0721a 8 bytes [50, C3, 90, 90, 90, 90, 90, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefec12b29 14 bytes [B8, 6C, 94, 06, 00, 00, 00, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\system32\MSCTF.dll!TF_Notify 000007fefe6e1c80 14 bytes [48, B8, 9C, A9, 06, 00, 00, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\system32\SAMCLI.DLL!NetUserSetInfo + 1 000007fefa7468bd 1 byte [B8] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\system32\SAMCLI.DLL!NetUserSetInfo + 3 000007fefa7468bf 12 bytes [26, 06, 00, 00, 00, 00, 00, ...] .text C:\Program Files\Sandboxie\SbieSvc.exe[2208] C:\Windows\system32\SAMCLI.DLL!NetUserChangePassword 000007fefa747e18 15 bytes [48, B8, 7C, 27, 06, 00, 00, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772822f0 5 bytes JMP 0000000174c883b0 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077286290 5 bytes JMP 0000000174c882f0 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk 000000007728a430 5 bytes JMP 0000000100030880 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077295140 5 bytes JMP 0000000174c8d350 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentDirectory_U 00000000772a5d20 5 bytes JMP 0000000174c66cc0 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentDirectory_U 00000000772a6050 5 bytes JMP 0000000174c66f30 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!LdrQueryImageFileExecutionOptions 00000000772a66e0 5 bytes JMP 0000000174c88470 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter 00000000772abe60 6 bytes [51, 48, B8, 00, 12, 03] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter + 8 00000000772abe68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForSingleObject + 8 00000000772abe78 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 00000000772abe90 6 bytes JMP 0000000174c5d910 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 00000000772abe98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba1e8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 8 00000000772abea8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b1b88} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000772abeb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletion + 8 00000000772abec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseSemaphore + 8 00000000772abed8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 8 00000000772abee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort + 8 00000000772abef8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1438} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772abf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent + 8 00000000772abf18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf418} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dea08} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 8 00000000772abf38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bee18} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationFile + 8 00000000772abf48 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db028} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000772abf58 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daba8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey + 8 00000000772abf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtFindAtom + 8 00000000772abf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultLocale + 8 00000000772abf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db448} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryKey + 8 00000000772abf98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da868} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey + 8 00000000772abfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 8 00000000772abfb8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1fc8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess + 8 00000000772abfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects32 + 8 00000000772abfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather + 8 00000000772abfe8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1f78} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000772abff8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9ee8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000772ac008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 8 00000000772ac018 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf6f8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 8 00000000772ac028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseMutant + 8 00000000772ac038 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec0c8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 00000000772ac048 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfcd8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 8 00000000772ac058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9deb38} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory + 8 00000000772ac068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772ac078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 8 00000000772ac088 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec948} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772ac098 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf8f8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772ac0a8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm 00000000772ac0c0 6 bytes [51, 48, B8, 60, 14, 03] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm + 8 00000000772ac0c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772ac0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 8 00000000772ac0e8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority 00000000772ac100 6 bytes [51, 48, B8, A0, 14, 03] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority + 8 00000000772ac108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter + 8 00000000772ac118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772ac128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772ac138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter + 8 00000000772ac148 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da228} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey + 8 00000000772ac158 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf448} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772ac168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution + 8 00000000772ac178 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba0d8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8 00000000772ac188 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2868} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformation + 8 00000000772ac198 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d25b8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000772ac1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimer + 8 00000000772ac1b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bc838} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 8 00000000772ac1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000772ac1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCloseObjectAuditAlarm + 8 00000000772ac1e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec8b8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000772ac1f8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 2 00000000772ac202 4 bytes {JMP 0xfffffffffd9bbb90} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772ac208 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent + 8 00000000772ac218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 8 00000000772ac228 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1b08} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000772ac238 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ebfb8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 00000000772ac248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateToken + 8 00000000772ac258 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage 00000000772ac270 6 bytes [51, 48, B8, 10, 16, 03] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage + 8 00000000772ac278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000772ac288 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom 00000000772ac2a0 6 bytes [51, 48, B8, 40, 16, 03] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom + 8 00000000772ac2a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d18b8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000772ac2b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bcbc8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVolumeInformationFile + 8 00000000772ac2c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d2238} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000772ac2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile + 8 00000000772ac2e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtApphelpCacheControl + 8 00000000772ac2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000772ac308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000772ac318 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtIsProcessInJob + 8 00000000772ac328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 00000000772ac338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySection + 8 00000000772ac348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8 00000000772ac358 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData 00000000772ac370 6 bytes [51, 48, B8, 10, 17, 03] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData + 8 00000000772ac378 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf278} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent + 8 00000000772ac398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteRequestData + 8 00000000772ac3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000772ac3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + 8 00000000772ac3c8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects 00000000772ac3e0 6 bytes [51, 48, B8, 80, 17, 03] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects + 8 00000000772ac3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationObject + 8 00000000772ac3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFile + 8 00000000772ac408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2318} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtTraceEvent + 8 00000000772ac418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtPowerInformation + 8 00000000772ac428 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d88e8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000772ac438 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCancelTimer + 8 00000000772ac448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimer + 8 00000000772ac458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAcceptConnectPort + 8 00000000772ac468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheck + 8 00000000772ac478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType + 8 00000000772ac488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultList + 8 00000000772ac498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm + 8 00000000772ac4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 8 00000000772ac4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 8 00000000772ac4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAddDriverEntry + 8 00000000772ac4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustGroupsToken + 8 00000000772ac4e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlertResumeThread + 8 00000000772ac4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlertThread + 8 00000000772ac508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateLocallyUniqueId + 8 00000000772ac518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateReserveObject + 8 00000000772ac528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUserPhysicalPages + 8 00000000772ac538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUuids + 8 00000000772ac548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCancelMessage + 8 00000000772ac568 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0de8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0c68} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePortSection + 8 00000000772ac598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateResourceReserve + 8 00000000772ac5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSectionView + 8 00000000772ac5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSecurityContext + 8 00000000772ac5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeletePortSection + 8 00000000772ac5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteResourceReserve + 8 00000000772ac5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSectionView + 8 00000000772ac5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSecurityContext + 8 00000000772ac608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDisconnectPort + 8 00000000772ac618 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf118} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort + 8 00000000772ac628 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderProcess + 8 00000000772ac638 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderThread + 8 00000000772ac648 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedb8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformation + 8 00000000772ac658 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedd8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformationMessage + 8 00000000772ac668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcRevokeSecurityContext + 8 00000000772ac678 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf878} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSetInformation + 8 00000000772ac698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAreMappedFilesTheSame + 8 00000000772ac6a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2448} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 8 00000000772ac6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFileEx + 8 00000000772ac6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCancelSynchronousIoFile + 8 00000000772ac6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCommitComplete + 8 00000000772ac6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCommitEnlistment + 8 00000000772ac6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCommitTransaction + 8 00000000772ac708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCompactKeys + 8 00000000772ac718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCompareTokens + 8 00000000772ac728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCompleteConnectPort + 8 00000000772ac738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCompressKey + 8 00000000772ac748 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0538} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDebugObject + 8 00000000772ac768 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDirectoryObject + 8 00000000772ac778 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEnlistment + 8 00000000772ac788 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 8 00000000772ac798 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000772ac7a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2078} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobObject + 8 00000000772ac7b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobSet + 8 00000000772ac7c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyTransacted + 8 00000000772ac7d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000772ac7e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9388} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMailslotFile + 8 00000000772ac7f8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d16a8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000772ac808 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9528} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000772ac818 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePagingFile + 8 00000000772ac828 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000772ac832 4 bytes {JMP 0xfffffffffd9d0290} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 8 00000000772ac838 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePrivateNamespace + 8 00000000772ac848 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000772ac858 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfile + 8 00000000772ac868 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfileEx + 8 00000000772ac878 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateResourceManager + 8 00000000772ac888 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1938} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000772ac898 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 8 00000000772ac8a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000772ac8b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000772ac8c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateToken + 8 00000000772ac8d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransaction + 8 00000000772ac8e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransactionManager + 8 00000000772ac8f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 8 00000000772ac908 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort + 8 00000000772ac918 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWorkerFactory + 8 00000000772ac928 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 8 00000000772ac938 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugContinue + 8 00000000772ac948 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteAtom + 8 00000000772ac958 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 8 00000000772ac968 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteDriverEntry + 8 00000000772ac978 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bef58} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000772ac988 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daa68} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 00000000772ac998 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteObjectAuditAlarm + 8 00000000772ac9a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDeletePrivateNamespace + 8 00000000772ac9b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da8b8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 00000000772ac9c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDisableLastKnownGood + 8 00000000772ac9d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDisplayString + 8 00000000772ac9e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtDrawText + 8 00000000772ac9f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtEnableLastKnownGood + 8 00000000772aca08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateBootEntries + 8 00000000772aca18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateDriverEntries + 8 00000000772aca28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + 8 00000000772aca38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateTransactionObject + 8 00000000772aca48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtExtendSection + 8 00000000772aca58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtFilterToken + 8 00000000772aca68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstallUILanguage + 8 00000000772aca78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstructionCache + 8 00000000772aca88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtFlushKey + 8 00000000772aca98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtFlushProcessWriteBuffers + 8 00000000772acaa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtFlushVirtualMemory + 8 00000000772acab8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtFlushWriteBuffer + 8 00000000772acac8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtFreeUserPhysicalPages + 8 00000000772acad8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeRegistry + 8 00000000772acae8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeTransactions + 8 00000000772acaf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 8 00000000772acb08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtGetCurrentProcessorNumber + 8 00000000772acb18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtGetDevicePowerState + 8 00000000772acb28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtGetMUIRegistryInfo + 8 00000000772acb38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 8 00000000772acb48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 8 00000000772acb58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtGetNlsSectionPtr + 8 00000000772acb68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtGetNotificationResourceManager + 8 00000000772acb78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtGetPlugPlayEvent + 8 00000000772acb88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtGetWriteWatch + 8 00000000772acb98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebc8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateAnonymousToken + 8 00000000772acba8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebf8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateThread + 8 00000000772acbb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeNlsFiles + 8 00000000772acbc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeRegistry + 8 00000000772acbd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtInitiatePowerAction + 8 00000000772acbe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtIsSystemResumeAutomatic + 8 00000000772acbf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtIsUILanguageComitted + 8 00000000772acc08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtListenPort + 8 00000000772acc18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dbc78} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000772acc28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d76a8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey + 8 00000000772acc38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey2 + 8 00000000772acc48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKeyEx + 8 00000000772acc58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtLockFile + 8 00000000772acc68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtLockProductActivationKeys + 8 00000000772acc78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtLockRegistryKey + 8 00000000772acc88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtLockVirtualMemory + 8 00000000772acc98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtMakePermanentObject + 8 00000000772acca8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject + 8 00000000772accb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtMapCMFModule + 8 00000000772accc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPages + 8 00000000772accd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 8 00000000772acce8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyDriverEntry + 8 00000000772accf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeDirectoryFile + 8 00000000772acd08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d81b8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 8 00000000772acd18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 8 00000000772acd28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeSession + 8 00000000772acd38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEnlistment + 8 00000000772acd48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair + 8 00000000772acd58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000772acd68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenJobObject + 8 00000000772acd78 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9138} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000772acd88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransacted + 8 00000000772acd98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransactedEx + 8 00000000772acda8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000772acdb8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 2 00000000772acdc2 4 bytes {JMP 0xfffffffffd9d1290} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000772acdc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenObjectAuditAlarm + 8 00000000772acdd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenPrivateNamespace + 8 00000000772acde8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772acdf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager + 8 00000000772ace08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1588} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000772ace18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSession + 8 00000000772ace28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000772ace38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eb038} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772ace48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000772ace58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransaction + 8 00000000772ace68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransactionManager + 8 00000000772ace78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtPlugPlayControl + 8 00000000772ace88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareComplete + 8 00000000772ace98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareEnlistment + 8 00000000772acea8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareComplete + 8 00000000772aceb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareEnlistment + 8 00000000772acec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeCheck + 8 00000000772aced8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeObjectAuditAlarm + 8 00000000772acee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegedServiceAuditAlarm + 8 00000000772acef8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationComplete + 8 00000000772acf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationFailed + 8 00000000772acf18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtPulseEvent + 8 00000000772acf28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootEntryOrder + 8 00000000772acf38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootOptions + 8 00000000772acf48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDebugFilterState + 8 00000000772acf58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryObject + 8 00000000772acf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDriverEntryOrder + 8 00000000772acf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEaFile + 8 00000000772acf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bae58} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772acf98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom + 8 00000000772acfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationEnlistment + 8 00000000772acfb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationJobObject + 8 00000000772acfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationPort + 8 00000000772acfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationResourceManager + 8 00000000772acfe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransaction + 8 00000000772acff8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransactionManager + 8 00000000772ad008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationWorkerFactory + 8 00000000772ad018 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInstallUILanguage + 8 00000000772ad028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIntervalProfile + 8 00000000772ad038 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIoCompletion + 8 00000000772ad048 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue + 8 00000000772ad058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9c88} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 8 00000000772ad068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMutant + 8 00000000772ad078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeys + 8 00000000772ad088 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeysEx + 8 00000000772ad098 12 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 5 00000000772ad0a5 1 byte [03] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 8 00000000772ad0a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryQuotaInformationFile + 8 00000000772ad0b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityAttributesToken + 8 00000000772ad0c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eae18} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityObject + 8 00000000772ad0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySemaphore + 8 00000000772ad0e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySymbolicLinkObject + 8 00000000772ad0f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValue + 8 00000000772ad108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValueEx + 8 00000000772ad118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformationEx + 8 00000000772ad128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimerResolution + 8 00000000772ad138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 8 00000000772ad148 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000772ad160 6 bytes [51, 48, B8, 00, 25, 03] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000772ad168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReadOnlyEnlistment + 8 00000000772ad178 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverEnlistment + 8 00000000772ad188 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverResourceManager + 8 00000000772ad198 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverTransactionManager + 8 00000000772ad1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterProtocolAddressInformation + 8 00000000772ad1b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterThreadTerminatePort + 8 00000000772ad1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseKeyedEvent + 8 00000000772ad1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseWorkerFactoryWorker + 8 00000000772ad1e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletionEx + 8 00000000772ad1f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveProcessDebug + 8 00000000772ad208 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey + 8 00000000772ad218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRenameTransactionManager + 8 00000000772ad228 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReplaceKey + 8 00000000772ad238 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReplacePartitionUnit + 8 00000000772ad248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReplyPort + 8 00000000772ad258 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRequestPort + 8 00000000772ad268 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtResetEvent + 8 00000000772ad278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtResetWriteWatch + 8 00000000772ad288 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRestoreKey + 8 00000000772ad298 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess + 8 00000000772ad2a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackComplete + 8 00000000772ad2b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackEnlistment + 8 00000000772ad2c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackTransaction + 8 00000000772ad2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtRollforwardTransactionManager + 8 00000000772ad2e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f0068} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKey + 8 00000000772ad2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKeyEx + 8 00000000772ad308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSaveMergedKeys + 8 00000000772ad318 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfba8} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSerializeBoot + 8 00000000772ad338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 8 00000000772ad348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 8 00000000772ad358 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000772ad368 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetDebugFilterState + 8 00000000772ad378 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultHardErrorPort + 8 00000000772ad388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultLocale + 8 00000000772ad398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultUILanguage + 8 00000000772ad3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetDriverEntryOrder + 8 00000000772ad3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetEaFile + 8 00000000772ad3c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighEventPair + 8 00000000772ad3d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighWaitLowEventPair + 8 00000000772ad3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationDebugObject + 8 00000000772ad3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationEnlistment + 8 00000000772ad408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1728} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationJobObject + 8 00000000772ad418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationKey + 8 00000000772ad428 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationResourceManager + 8 00000000772ad438 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ead88} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationToken + 8 00000000772ad448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransaction + 8 00000000772ad458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransactionManager + 8 00000000772ad468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationWorkerFactory + 8 00000000772ad478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetIntervalProfile + 8 00000000772ad488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletion + 8 00000000772ad498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletionEx + 8 00000000772ad4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetLdtEntries + 8 00000000772ad4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowEventPair + 8 00000000772ad4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowWaitHighEventPair + 8 00000000772ad4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetQuotaInformationFile + 8 00000000772ad4e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eab18} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 8 00000000772ad4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValue + 8 00000000772ad508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValueEx + 8 00000000772ad518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000772ad528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 8 00000000772ad538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime + 8 00000000772ad548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetThreadExecutionState + 8 00000000772ad558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerEx + 8 00000000772ad568 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerResolution + 8 00000000772ad578 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetUuidSeed + 8 00000000772ad588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSetVolumeInformationFile + 8 00000000772ad598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem + 8 00000000772ad5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownWorkerFactory + 8 00000000772ad5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSignalAndWaitForSingleObject + 8 00000000772ad5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSinglePhaseReject + 8 00000000772ad5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtStartProfile + 8 00000000772ad5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtStopProfile + 8 00000000772ad5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000772ad608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000772ad618 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000772ad628 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert 00000000772ad640 6 bytes [51, 48, B8, E0, 29, 03] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert + 8 00000000772ad648 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtThawRegistry + 8 00000000772ad658 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtThawTransactions + 8 00000000772ad668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtTraceControl + 8 00000000772ad678 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtTranslateFilePath + 8 00000000772ad688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtUmsThreadYield + 8 00000000772ad698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadDriver + 8 00000000772ad6a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey + 8 00000000772ad6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey2 + 8 00000000772ad6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKeyEx + 8 00000000772ad6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockFile + 8 00000000772ad6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockVirtualMemory + 8 00000000772ad6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000772ad708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForDebugEvent + 8 00000000772ad718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForKeyedEvent + 8 00000000772ad728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForWorkViaWorkerFactory + 8 00000000772ad738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtWaitHighEventPair + 8 00000000772ad748 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 8 00000000772ad758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!NtWorkerFactoryWorkerReady + 8 00000000772ad768 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\ntdll.dll!RtlGetFullPathName_UEx 00000000772b0cd0 5 bytes JMP 0000000174c671d0 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\KERNELBASE.dll!GetFinalPathNameByHandleW 000007fefd189100 6 bytes {JMP QWORD [RIP-0x200690fe]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd1b0250 6 bytes {JMP QWORD [RIP-0x20090256]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesW 000007fefeae1460 6 bytes {JMP QWORD [RIP-0x219c13b6]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CloseEventLog + 1 000007fefeae9271 5 bytes {JMP QWORD [RIP-0x219c923e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!QueryServiceStatusEx 000007fefeae9474 6 bytes {JMP QWORD [RIP-0x219c943a]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!AccessCheckByType 000007fefeaea2e0 6 bytes {JMP QWORD [RIP-0x219ca0fe]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryW 000007fefeaeab20 6 bytes {JMP QWORD [RIP-0x219ca9b6]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExW 000007fefeaeeb20 6 bytes {JMP QWORD [RIP-0x219ceab6]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!ReportEventW 000007fefeaf0050 6 bytes {JMP QWORD [RIP-0x219d0026]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!LookupAccountNameW 000007fefeaf0b24 6 bytes {JMP QWORD [RIP-0x219d09ca]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceW + 1 000007fefeaf6031 5 bytes {JMP QWORD [RIP-0x219d601e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!DeregisterEventSource 000007fefeafa5a0 6 bytes {JMP QWORD [RIP-0x219da586]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!GetTokenInformation 000007fefeafe0b0 6 bytes {JMP QWORD [RIP-0x219ddec6]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb05548 6 bytes {JMP QWORD [RIP-0x219e5476]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameW 000007fefeb056a0 6 bytes {JMP QWORD [RIP-0x219e5616]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameW 000007fefeb05770 6 bytes {JMP QWORD [RIP-0x219e56d6]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceA + 1 000007fefeb07461 5 bytes {JMP QWORD [RIP-0x219e7456]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!QueryServiceObjectSecurity 000007fefeb1b2dc 6 bytes {JMP QWORD [RIP-0x219fb22a]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2W 000007fefeb1b310 6 bytes {JMP QWORD [RIP-0x219fb2c6]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2A 000007fefeb1b330 6 bytes {JMP QWORD [RIP-0x219fb2ee]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeb1b77c 6 bytes {JMP QWORD [RIP-0x219fb6b2]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CreateRestrictedToken 000007fefeb1b7fc 6 bytes {JMP QWORD [RIP-0x219fb68a]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefeb1b8f0 6 bytes {JMP QWORD [RIP-0x219fb80e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefeb1b95c 6 bytes {JMP QWORD [RIP-0x219fb882]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CredRenameA 000007fefeb22d50 6 bytes {JMP QWORD [RIP-0x21a02c1e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!GetEffectiveRightsFromAclW 000007fefeb25b00 6 bytes {JMP QWORD [RIP-0x21a05986]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesA 000007fefeb2d170 6 bytes {JMP QWORD [RIP-0x21a0d0ce]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExA 000007fefeb2d2e0 6 bytes {JMP QWORD [RIP-0x21a0d27e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusA 000007fefeb2d4e0 6 bytes {JMP QWORD [RIP-0x21a0d48e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusW 000007fefeb2d8e0 6 bytes {JMP QWORD [RIP-0x21a0d886]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!UnlockServiceDatabase 000007fefeb2d930 6 bytes {JMP QWORD [RIP-0x21a0d86e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusW 000007fefeb2d9a0 6 bytes {JMP QWORD [RIP-0x21a0d926]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusA 000007fefeb2dab0 6 bytes {JMP QWORD [RIP-0x21a0da3e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!LockServiceDatabase 000007fefeb2dbc0 6 bytes {JMP QWORD [RIP-0x21a0db06]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameA 000007fefeb2dc40 6 bytes {JMP QWORD [RIP-0x21a0dbbe]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameA 000007fefeb2dcd0 6 bytes {JMP QWORD [RIP-0x21a0dc3e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CredDeleteW 000007fefeb40910 6 bytes {JMP QWORD [RIP-0x21a207ce]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CredDeleteA 000007fefeb409d0 6 bytes {JMP QWORD [RIP-0x21a20896]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!ReportEventA 000007fefeb41cc0 6 bytes {JMP QWORD [RIP-0x21a21c9e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryA 000007fefeb4c860 6 bytes {JMP QWORD [RIP-0x21a2c6fe]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsW 000007fefeb4d820 6 bytes {JMP QWORD [RIP-0x21a2d6f6]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsA 000007fefeb4d950 6 bytes {JMP QWORD [RIP-0x21a2d82e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsW 000007fefeb4da80 6 bytes {JMP QWORD [RIP-0x21a2d966]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsA 000007fefeb4db60 6 bytes {JMP QWORD [RIP-0x21a2da4e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CredEnumerateW 000007fefeb4dc60 6 bytes {JMP QWORD [RIP-0x21a2db0e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CredEnumerateA 000007fefeb4dd90 6 bytes {JMP QWORD [RIP-0x21a2dc46]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CredReadW 000007fefeb4dec0 6 bytes {JMP QWORD [RIP-0x21a2ddb6]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CredReadA 000007fefeb4dfd0 6 bytes {JMP QWORD [RIP-0x21a2dece]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CredWriteW 000007fefeb4e0e0 6 bytes {JMP QWORD [RIP-0x21a2dfe6]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CredWriteA 000007fefeb4e190 6 bytes {JMP QWORD [RIP-0x21a2e09e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithTokenW 000007fefeb50c80 6 bytes {JMP QWORD [RIP-0x21a30b96]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefebc642c 5 bytes JMP 000007fffeb055e8 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebc6484 5 bytes JMP 000007fffeaee870 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefebc6518 5 bytes JMP 000007fffeafae24 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerW 000007fefebc659c 5 bytes JMP 000007fffeaee858 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatus 000007fefebc6730 5 bytes JMP 000007fffeaf61ac .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatusEx 000007fefebc6784 5 bytes JMP 000007fffeae9474 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!StartServiceW 000007fefebc6824 5 bytes JMP 000007fffeae9460 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus 000007fefebc687c 5 bytes JMP 000007fffeae8e94 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerA 000007fefebc6aa4 5 bytes JMP 000007fffeafa380 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebc6c34 5 bytes JMP 000007fffeafa36c .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!StartServiceA 000007fefebc6d00 5 bytes JMP 000007fffeb1b240 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!QueryServiceObjectSecurity 000007fefebc6d58 5 bytes JMP 000007fffeb1b2dc .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefebc6e00 5 bytes JMP 000007fffeb1b24c .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefebc6f2c 5 bytes JMP 000007fffeb1b95c .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefebc7220 5 bytes JMP 000007fffeb1b8f0 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefebc739c 5 bytes JMP 000007fffeb1b9d4 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefebc7538 5 bytes JMP 000007fffeb1b9c8 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefebc75e8 5 bytes JMP 000007fffeb1b77c .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefebc790c 5 bytes JMP 000007fffeb05548 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefebc7ab4 5 bytes JMP 000007fffeb055d4 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigA 000007fefebc7b04 5 bytes JMP 000007fffeb1b2fc .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigW 000007fefebc7c34 5 bytes JMP 000007fffeaeecac .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2A 000007fefebc7d78 5 bytes JMP 000007fffeb1b330 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2W 000007fefebc8244 5 bytes JMP 000007fffeb1b310 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA 000007fefebc99e4 5 bytes JMP 000007fffeb1b234 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW 000007fefebc9ac8 5 bytes JMP 000007fffeae6e4c .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW 000007fefebca51c 5 bytes JMP 000007fffeae2c1c .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA 000007fefebca530 5 bytes JMP 000007fffeb1b2d0 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW 000007fefebca5b0 5 bytes JMP 000007fffeae8e60 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA 000007fefebca5c4 5 bytes JMP 000007fffeb1b2c4 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange 000007fefebcbb28 5 bytes JMP 000007fffeaeda10 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA 000007fefebcbb3c 5 bytes JMP 000007fffeb07440 .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExW 000007fefea28724 6 bytes {JMP QWORD [RIP-0x2190855a]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\GDI32.dll!GdiAddFontResourceW 000007fefea2a074 6 bytes {JMP QWORD [RIP-0x21909ed2]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\GDI32.dll!GdiDllInitialize 000007fefea2ae78 6 bytes {JMP QWORD [RIP-0x2190acde]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\GDI32.dll!RemoveFontResourceExW 000007fefea34784 6 bytes {JMP QWORD [RIP-0x219145da]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\GDI32.dll!GetFontResourceInfoW + 1 000007fefea34845 5 bytes {JMP QWORD [RIP-0x21914692]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExA 000007fefea491f0 6 bytes {JMP QWORD [RIP-0x2192902e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\GDI32.dll!CreateScalableFontResourceW + 1 000007fefea49f4d 5 bytes {JMP QWORD [RIP-0x21929d92]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\IMM32.DLL!ImmAssociateContext 000007fefeab1750 6 bytes {JMP QWORD [RIP-0x2199157e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\IMM32.DLL!ImmAssociateContextEx 000007fefeab8240 6 bytes {JMP QWORD [RIP-0x21998066]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\CRYPT32.dll!CertGetCertificateChain 000007fefd260ba0 6 bytes {JMP QWORD [RIP-0x2014099e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\CRYPT32.dll!CryptUnprotectData + 1 000007fefd2791b9 5 bytes {JMP QWORD [RIP-0x20158fbe]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\CRYPT32.dll!CryptProtectData 000007fefd2796d4 6 bytes {JMP QWORD [RIP-0x201594e2]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ole32.dll!ReleaseStgMedium 000007fefebe9110 6 bytes {JMP QWORD [RIP-0x21ac8ec6]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ole32.dll!CoCreateInstanceEx 000007fefebedcb0 6 bytes {JMP QWORD [RIP-0x21acda96]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec07210 6 bytes {JMP QWORD [RIP-0x21ae6ffe]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ole32.dll!CoUnmarshalInterface + 1 000007fefec0e689 5 bytes {JMP QWORD [RIP-0x21aee466]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ole32.dll!CoMarshalInterface 000007fefec0eedc 6 bytes {JMP QWORD [RIP-0x21aeecb2]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ole32.dll!CoGetClassObject 000007fefec12b28 6 bytes {JMP QWORD [RIP-0x21af291e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ole32.dll!RevokeDragDrop 000007fefed40ca0 6 bytes {JMP QWORD [RIP-0x21c20a5e]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ole32.dll!RegisterDragDrop 000007fefed40da0 6 bytes {JMP QWORD [RIP-0x21c20b66]} .text C:\Program Files\Sandboxie\SandboxieCrypto.exe[2684] C:\Windows\system32\ole32.dll!CoGetObject + 1 000007fefed43ca1 5 bytes {JMP QWORD [RIP-0x21c23a6e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772822f0 5 bytes JMP 0000000174c883b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077286290 5 bytes JMP 0000000174c882f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk 000000007728a430 5 bytes JMP 0000000100030880 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077295140 5 bytes JMP 0000000174c8d350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentDirectory_U 00000000772a5d20 5 bytes JMP 0000000174c66cc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentDirectory_U 00000000772a6050 5 bytes JMP 0000000174c66f30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!LdrQueryImageFileExecutionOptions 00000000772a66e0 5 bytes JMP 0000000174c88470 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter 00000000772abe60 6 bytes [51, 48, B8, 00, 12, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter + 8 00000000772abe68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForSingleObject + 8 00000000772abe78 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 00000000772abe90 6 bytes JMP 0000000174c5d910 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 00000000772abe98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba1e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 8 00000000772abea8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b1b88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000772abeb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletion + 8 00000000772abec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseSemaphore + 8 00000000772abed8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 8 00000000772abee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort + 8 00000000772abef8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1438} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772abf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent + 8 00000000772abf18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf418} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dea08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 8 00000000772abf38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bee18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationFile + 8 00000000772abf48 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db028} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000772abf58 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey + 8 00000000772abf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFindAtom + 8 00000000772abf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultLocale + 8 00000000772abf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryKey + 8 00000000772abf98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey + 8 00000000772abfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 8 00000000772abfb8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1fc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess + 8 00000000772abfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects32 + 8 00000000772abfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather + 8 00000000772abfe8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1f78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000772abff8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9ee8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000772ac008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 8 00000000772ac018 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf6f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 8 00000000772ac028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseMutant + 8 00000000772ac038 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec0c8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 00000000772ac048 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfcd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 8 00000000772ac058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9deb38} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory + 8 00000000772ac068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772ac078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 8 00000000772ac088 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec948} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772ac098 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf8f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772ac0a8 22 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm 00000000772ac0c0 6 bytes [51, 48, B8, 60, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm + 8 00000000772ac0c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772ac0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 8 00000000772ac0e8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority 00000000772ac100 6 bytes [51, 48, B8, A0, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority + 8 00000000772ac108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter + 8 00000000772ac118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772ac128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772ac138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter + 8 00000000772ac148 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da228} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey + 8 00000000772ac158 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772ac168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution + 8 00000000772ac178 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba0d8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8 00000000772ac188 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformation + 8 00000000772ac198 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d25b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000772ac1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimer + 8 00000000772ac1b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bc838} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 8 00000000772ac1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000772ac1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCloseObjectAuditAlarm + 8 00000000772ac1e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000772ac1f8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 2 00000000772ac202 4 bytes {JMP 0xfffffffffd9bbb90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772ac208 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent + 8 00000000772ac218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 8 00000000772ac228 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1b08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000772ac238 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ebfb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 00000000772ac248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateToken + 8 00000000772ac258 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage 00000000772ac270 6 bytes [51, 48, B8, 10, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage + 8 00000000772ac278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000772ac288 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom 00000000772ac2a0 6 bytes [51, 48, B8, 40, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom + 8 00000000772ac2a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d18b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000772ac2b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bcbc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVolumeInformationFile + 8 00000000772ac2c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d2238} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000772ac2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile + 8 00000000772ac2e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtApphelpCacheControl + 8 00000000772ac2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000772ac308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000772ac318 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtIsProcessInJob + 8 00000000772ac328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 00000000772ac338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySection + 8 00000000772ac348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8 00000000772ac358 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData 00000000772ac370 6 bytes [51, 48, B8, 10, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData + 8 00000000772ac378 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf278} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent + 8 00000000772ac398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteRequestData + 8 00000000772ac3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000772ac3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + 8 00000000772ac3c8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects 00000000772ac3e0 6 bytes [51, 48, B8, 80, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects + 8 00000000772ac3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationObject + 8 00000000772ac3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFile + 8 00000000772ac408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2318} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTraceEvent + 8 00000000772ac418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtPowerInformation + 8 00000000772ac428 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d88e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000772ac438 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCancelTimer + 8 00000000772ac448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimer + 8 00000000772ac458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAcceptConnectPort + 8 00000000772ac468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheck + 8 00000000772ac478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType + 8 00000000772ac488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultList + 8 00000000772ac498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm + 8 00000000772ac4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 8 00000000772ac4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 8 00000000772ac4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAddDriverEntry + 8 00000000772ac4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustGroupsToken + 8 00000000772ac4e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlertResumeThread + 8 00000000772ac4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlertThread + 8 00000000772ac508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateLocallyUniqueId + 8 00000000772ac518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateReserveObject + 8 00000000772ac528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUserPhysicalPages + 8 00000000772ac538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUuids + 8 00000000772ac548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCancelMessage + 8 00000000772ac568 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0de8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0c68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePortSection + 8 00000000772ac598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateResourceReserve + 8 00000000772ac5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSectionView + 8 00000000772ac5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSecurityContext + 8 00000000772ac5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeletePortSection + 8 00000000772ac5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteResourceReserve + 8 00000000772ac5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSectionView + 8 00000000772ac5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSecurityContext + 8 00000000772ac608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDisconnectPort + 8 00000000772ac618 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf118} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort + 8 00000000772ac628 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderProcess + 8 00000000772ac638 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderThread + 8 00000000772ac648 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformation + 8 00000000772ac658 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformationMessage + 8 00000000772ac668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcRevokeSecurityContext + 8 00000000772ac678 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf878} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSetInformation + 8 00000000772ac698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAreMappedFilesTheSame + 8 00000000772ac6a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 8 00000000772ac6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFileEx + 8 00000000772ac6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCancelSynchronousIoFile + 8 00000000772ac6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCommitComplete + 8 00000000772ac6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCommitEnlistment + 8 00000000772ac6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCommitTransaction + 8 00000000772ac708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCompactKeys + 8 00000000772ac718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCompareTokens + 8 00000000772ac728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCompleteConnectPort + 8 00000000772ac738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCompressKey + 8 00000000772ac748 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0538} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDebugObject + 8 00000000772ac768 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDirectoryObject + 8 00000000772ac778 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEnlistment + 8 00000000772ac788 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 8 00000000772ac798 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000772ac7a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2078} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobObject + 8 00000000772ac7b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobSet + 8 00000000772ac7c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyTransacted + 8 00000000772ac7d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000772ac7e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9388} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMailslotFile + 8 00000000772ac7f8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d16a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000772ac808 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9528} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000772ac818 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePagingFile + 8 00000000772ac828 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000772ac832 4 bytes {JMP 0xfffffffffd9d0290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 8 00000000772ac838 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePrivateNamespace + 8 00000000772ac848 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000772ac858 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfile + 8 00000000772ac868 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfileEx + 8 00000000772ac878 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateResourceManager + 8 00000000772ac888 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1938} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000772ac898 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 8 00000000772ac8a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000772ac8b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000772ac8c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateToken + 8 00000000772ac8d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransaction + 8 00000000772ac8e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransactionManager + 8 00000000772ac8f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 8 00000000772ac908 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort + 8 00000000772ac918 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWorkerFactory + 8 00000000772ac928 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 8 00000000772ac938 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugContinue + 8 00000000772ac948 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteAtom + 8 00000000772ac958 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 8 00000000772ac968 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteDriverEntry + 8 00000000772ac978 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bef58} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000772ac988 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daa68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 00000000772ac998 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteObjectAuditAlarm + 8 00000000772ac9a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeletePrivateNamespace + 8 00000000772ac9b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 00000000772ac9c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDisableLastKnownGood + 8 00000000772ac9d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDisplayString + 8 00000000772ac9e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDrawText + 8 00000000772ac9f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtEnableLastKnownGood + 8 00000000772aca08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateBootEntries + 8 00000000772aca18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateDriverEntries + 8 00000000772aca28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + 8 00000000772aca38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateTransactionObject + 8 00000000772aca48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtExtendSection + 8 00000000772aca58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFilterToken + 8 00000000772aca68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstallUILanguage + 8 00000000772aca78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstructionCache + 8 00000000772aca88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFlushKey + 8 00000000772aca98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFlushProcessWriteBuffers + 8 00000000772acaa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFlushVirtualMemory + 8 00000000772acab8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFlushWriteBuffer + 8 00000000772acac8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFreeUserPhysicalPages + 8 00000000772acad8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeRegistry + 8 00000000772acae8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeTransactions + 8 00000000772acaf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 8 00000000772acb08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtGetCurrentProcessorNumber + 8 00000000772acb18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtGetDevicePowerState + 8 00000000772acb28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtGetMUIRegistryInfo + 8 00000000772acb38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 8 00000000772acb48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 8 00000000772acb58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtGetNlsSectionPtr + 8 00000000772acb68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtGetNotificationResourceManager + 8 00000000772acb78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtGetPlugPlayEvent + 8 00000000772acb88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtGetWriteWatch + 8 00000000772acb98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateAnonymousToken + 8 00000000772acba8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebf8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateThread + 8 00000000772acbb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeNlsFiles + 8 00000000772acbc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeRegistry + 8 00000000772acbd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtInitiatePowerAction + 8 00000000772acbe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtIsSystemResumeAutomatic + 8 00000000772acbf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtIsUILanguageComitted + 8 00000000772acc08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtListenPort + 8 00000000772acc18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dbc78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000772acc28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d76a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey + 8 00000000772acc38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey2 + 8 00000000772acc48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKeyEx + 8 00000000772acc58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLockFile + 8 00000000772acc68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLockProductActivationKeys + 8 00000000772acc78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLockRegistryKey + 8 00000000772acc88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLockVirtualMemory + 8 00000000772acc98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtMakePermanentObject + 8 00000000772acca8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject + 8 00000000772accb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtMapCMFModule + 8 00000000772accc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPages + 8 00000000772accd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 8 00000000772acce8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyDriverEntry + 8 00000000772accf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeDirectoryFile + 8 00000000772acd08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d81b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 8 00000000772acd18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 8 00000000772acd28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeSession + 8 00000000772acd38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEnlistment + 8 00000000772acd48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair + 8 00000000772acd58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000772acd68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenJobObject + 8 00000000772acd78 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9138} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000772acd88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransacted + 8 00000000772acd98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransactedEx + 8 00000000772acda8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000772acdb8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 2 00000000772acdc2 4 bytes {JMP 0xfffffffffd9d1290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000772acdc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenObjectAuditAlarm + 8 00000000772acdd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenPrivateNamespace + 8 00000000772acde8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772acdf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager + 8 00000000772ace08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1588} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000772ace18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSession + 8 00000000772ace28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000772ace38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eb038} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772ace48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000772ace58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransaction + 8 00000000772ace68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransactionManager + 8 00000000772ace78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtPlugPlayControl + 8 00000000772ace88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareComplete + 8 00000000772ace98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareEnlistment + 8 00000000772acea8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareComplete + 8 00000000772aceb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareEnlistment + 8 00000000772acec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeCheck + 8 00000000772aced8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeObjectAuditAlarm + 8 00000000772acee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegedServiceAuditAlarm + 8 00000000772acef8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationComplete + 8 00000000772acf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationFailed + 8 00000000772acf18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtPulseEvent + 8 00000000772acf28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootEntryOrder + 8 00000000772acf38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootOptions + 8 00000000772acf48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDebugFilterState + 8 00000000772acf58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryObject + 8 00000000772acf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDriverEntryOrder + 8 00000000772acf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEaFile + 8 00000000772acf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bae58} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772acf98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom + 8 00000000772acfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationEnlistment + 8 00000000772acfb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationJobObject + 8 00000000772acfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationPort + 8 00000000772acfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationResourceManager + 8 00000000772acfe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransaction + 8 00000000772acff8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransactionManager + 8 00000000772ad008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationWorkerFactory + 8 00000000772ad018 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInstallUILanguage + 8 00000000772ad028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIntervalProfile + 8 00000000772ad038 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIoCompletion + 8 00000000772ad048 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue + 8 00000000772ad058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9c88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 8 00000000772ad068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMutant + 8 00000000772ad078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeys + 8 00000000772ad088 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeysEx + 8 00000000772ad098 12 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 5 00000000772ad0a5 1 byte [03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 8 00000000772ad0a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryQuotaInformationFile + 8 00000000772ad0b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityAttributesToken + 8 00000000772ad0c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eae18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityObject + 8 00000000772ad0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySemaphore + 8 00000000772ad0e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySymbolicLinkObject + 8 00000000772ad0f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValue + 8 00000000772ad108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValueEx + 8 00000000772ad118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformationEx + 8 00000000772ad128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimerResolution + 8 00000000772ad138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 8 00000000772ad148 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000772ad160 6 bytes [51, 48, B8, 00, 25, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000772ad168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReadOnlyEnlistment + 8 00000000772ad178 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverEnlistment + 8 00000000772ad188 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverResourceManager + 8 00000000772ad198 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverTransactionManager + 8 00000000772ad1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterProtocolAddressInformation + 8 00000000772ad1b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterThreadTerminatePort + 8 00000000772ad1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseKeyedEvent + 8 00000000772ad1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseWorkerFactoryWorker + 8 00000000772ad1e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletionEx + 8 00000000772ad1f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveProcessDebug + 8 00000000772ad208 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey + 8 00000000772ad218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRenameTransactionManager + 8 00000000772ad228 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReplaceKey + 8 00000000772ad238 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReplacePartitionUnit + 8 00000000772ad248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReplyPort + 8 00000000772ad258 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRequestPort + 8 00000000772ad268 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtResetEvent + 8 00000000772ad278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtResetWriteWatch + 8 00000000772ad288 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRestoreKey + 8 00000000772ad298 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess + 8 00000000772ad2a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackComplete + 8 00000000772ad2b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackEnlistment + 8 00000000772ad2c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackTransaction + 8 00000000772ad2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRollforwardTransactionManager + 8 00000000772ad2e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f0068} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKey + 8 00000000772ad2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKeyEx + 8 00000000772ad308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSaveMergedKeys + 8 00000000772ad318 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSerializeBoot + 8 00000000772ad338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 8 00000000772ad348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 8 00000000772ad358 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000772ad368 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetDebugFilterState + 8 00000000772ad378 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultHardErrorPort + 8 00000000772ad388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultLocale + 8 00000000772ad398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultUILanguage + 8 00000000772ad3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetDriverEntryOrder + 8 00000000772ad3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetEaFile + 8 00000000772ad3c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighEventPair + 8 00000000772ad3d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighWaitLowEventPair + 8 00000000772ad3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationDebugObject + 8 00000000772ad3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationEnlistment + 8 00000000772ad408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1728} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationJobObject + 8 00000000772ad418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationKey + 8 00000000772ad428 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationResourceManager + 8 00000000772ad438 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ead88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationToken + 8 00000000772ad448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransaction + 8 00000000772ad458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransactionManager + 8 00000000772ad468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationWorkerFactory + 8 00000000772ad478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetIntervalProfile + 8 00000000772ad488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletion + 8 00000000772ad498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletionEx + 8 00000000772ad4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetLdtEntries + 8 00000000772ad4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowEventPair + 8 00000000772ad4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowWaitHighEventPair + 8 00000000772ad4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetQuotaInformationFile + 8 00000000772ad4e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eab18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 8 00000000772ad4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValue + 8 00000000772ad508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValueEx + 8 00000000772ad518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000772ad528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 8 00000000772ad538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime + 8 00000000772ad548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetThreadExecutionState + 8 00000000772ad558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerEx + 8 00000000772ad568 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerResolution + 8 00000000772ad578 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetUuidSeed + 8 00000000772ad588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetVolumeInformationFile + 8 00000000772ad598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem + 8 00000000772ad5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownWorkerFactory + 8 00000000772ad5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSignalAndWaitForSingleObject + 8 00000000772ad5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSinglePhaseReject + 8 00000000772ad5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtStartProfile + 8 00000000772ad5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtStopProfile + 8 00000000772ad5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000772ad608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000772ad618 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000772ad628 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert 00000000772ad640 6 bytes [51, 48, B8, E0, 29, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert + 8 00000000772ad648 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtThawRegistry + 8 00000000772ad658 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtThawTransactions + 8 00000000772ad668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTraceControl + 8 00000000772ad678 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTranslateFilePath + 8 00000000772ad688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtUmsThreadYield + 8 00000000772ad698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadDriver + 8 00000000772ad6a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey + 8 00000000772ad6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey2 + 8 00000000772ad6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKeyEx + 8 00000000772ad6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockFile + 8 00000000772ad6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockVirtualMemory + 8 00000000772ad6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000772ad708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForDebugEvent + 8 00000000772ad718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForKeyedEvent + 8 00000000772ad728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForWorkViaWorkerFactory + 8 00000000772ad738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWaitHighEventPair + 8 00000000772ad748 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 8 00000000772ad758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWorkerFactoryWorkerReady + 8 00000000772ad768 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlGetFullPathName_UEx 00000000772b0cd0 5 bytes JMP 0000000174c671d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\kernel32.dll!CreateActCtxW 000000007705a180 5 bytes JMP 0000000174c9da80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007705dae0 5 bytes JMP 0000000174c8e480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\kernel32.dll!SetLocaleInfoA 00000000770af430 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\kernel32.dll!AllocConsole 00000000770c5c60 5 bytes JMP 0000000174c72120 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000770cf690 5 bytes JMP 0000000174c5e7e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\kernel32.dll!ReplaceFile 00000000770d4390 5 bytes JMP 0000000174c6b4e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\kernel32.dll!WinExec 00000000770db4b0 5 bytes JMP 0000000174c8d4e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\KERNELBASE.dll!GetFinalPathNameByHandleW 000007fefd189100 6 bytes {JMP QWORD [RIP-0x200690fe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd1b0250 6 bytes {JMP QWORD [RIP-0x20090256]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesW 000007fefeae1460 6 bytes {JMP QWORD [RIP-0x219c13b6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CloseEventLog + 1 000007fefeae9271 5 bytes {JMP QWORD [RIP-0x219c923e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!QueryServiceStatusEx 000007fefeae9474 6 bytes {JMP QWORD [RIP-0x219c943a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryW 000007fefeaeab20 6 bytes {JMP QWORD [RIP-0x219ca9b6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!SetSecurityInfo 000007fefeaeb210 6 bytes {JMP QWORD [RIP-0x219cb096]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!GetSecurityInfo 000007fefeaedad0 6 bytes {JMP QWORD [RIP-0x219cd94e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExW 000007fefeaeeb20 6 bytes {JMP QWORD [RIP-0x219ceab6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!ReportEventW 000007fefeaf0050 6 bytes {JMP QWORD [RIP-0x219d0026]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!LookupAccountNameW 000007fefeaf0b24 6 bytes {JMP QWORD [RIP-0x219d09ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceW + 1 000007fefeaf6031 5 bytes {JMP QWORD [RIP-0x219d601e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!DeregisterEventSource 000007fefeafa5a0 6 bytes {JMP QWORD [RIP-0x219da586]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb05548 6 bytes {JMP QWORD [RIP-0x219e5476]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameW 000007fefeb056a0 6 bytes {JMP QWORD [RIP-0x219e5616]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameW 000007fefeb05770 6 bytes {JMP QWORD [RIP-0x219e56d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceA + 1 000007fefeb07461 5 bytes {JMP QWORD [RIP-0x219e7456]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!QueryServiceObjectSecurity 000007fefeb1b2dc 6 bytes {JMP QWORD [RIP-0x219fb22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2W 000007fefeb1b310 6 bytes {JMP QWORD [RIP-0x219fb2c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2A 000007fefeb1b330 6 bytes {JMP QWORD [RIP-0x219fb2ee]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeb1b77c 6 bytes {JMP QWORD [RIP-0x219fb6b2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CreateRestrictedToken 000007fefeb1b7fc 6 bytes {JMP QWORD [RIP-0x219fb68a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefeb1b8f0 6 bytes {JMP QWORD [RIP-0x219fb80e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefeb1b95c 6 bytes {JMP QWORD [RIP-0x219fb882]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CredRenameA 000007fefeb22d50 6 bytes {JMP QWORD [RIP-0x21a02c1e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!GetEffectiveRightsFromAclW 000007fefeb25b00 6 bytes {JMP QWORD [RIP-0x21a05976]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesA 000007fefeb2d170 6 bytes {JMP QWORD [RIP-0x21a0d0ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExA 000007fefeb2d2e0 6 bytes {JMP QWORD [RIP-0x21a0d27e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusA 000007fefeb2d4e0 6 bytes {JMP QWORD [RIP-0x21a0d48e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusW 000007fefeb2d8e0 6 bytes {JMP QWORD [RIP-0x21a0d886]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!UnlockServiceDatabase 000007fefeb2d930 6 bytes {JMP QWORD [RIP-0x21a0d86e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusW 000007fefeb2d9a0 6 bytes {JMP QWORD [RIP-0x21a0d926]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusA 000007fefeb2dab0 6 bytes {JMP QWORD [RIP-0x21a0da3e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!LockServiceDatabase 000007fefeb2dbc0 6 bytes {JMP QWORD [RIP-0x21a0db06]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameA 000007fefeb2dc40 6 bytes {JMP QWORD [RIP-0x21a0dbbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameA 000007fefeb2dcd0 6 bytes {JMP QWORD [RIP-0x21a0dc3e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CredDeleteW 000007fefeb40910 6 bytes {JMP QWORD [RIP-0x21a207ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CredDeleteA 000007fefeb409d0 6 bytes {JMP QWORD [RIP-0x21a20896]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!ReportEventA 000007fefeb41cc0 6 bytes {JMP QWORD [RIP-0x21a21c9e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryA 000007fefeb4c860 6 bytes {JMP QWORD [RIP-0x21a2c6fe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsW 000007fefeb4d820 6 bytes {JMP QWORD [RIP-0x21a2d6f6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsA 000007fefeb4d950 6 bytes {JMP QWORD [RIP-0x21a2d82e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsW 000007fefeb4da80 6 bytes {JMP QWORD [RIP-0x21a2d966]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsA 000007fefeb4db60 6 bytes {JMP QWORD [RIP-0x21a2da4e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CredEnumerateW 000007fefeb4dc60 6 bytes {JMP QWORD [RIP-0x21a2db0e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CredEnumerateA 000007fefeb4dd90 6 bytes {JMP QWORD [RIP-0x21a2dc46]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CredReadW 000007fefeb4dec0 6 bytes {JMP QWORD [RIP-0x21a2ddb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CredReadA 000007fefeb4dfd0 6 bytes {JMP QWORD [RIP-0x21a2dece]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CredWriteW 000007fefeb4e0e0 6 bytes {JMP QWORD [RIP-0x21a2dfe6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CredWriteA 000007fefeb4e190 6 bytes {JMP QWORD [RIP-0x21a2e09e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithTokenW 000007fefeb50c80 6 bytes {JMP QWORD [RIP-0x21a30b96]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefebc642c 5 bytes JMP 000007fffeb055e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebc6484 5 bytes JMP 000007fffeaee870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefebc6518 5 bytes JMP 000007fffeafae24 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerW 000007fefebc659c 5 bytes JMP 000007fffeaee858 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatus 000007fefebc6730 5 bytes JMP 000007fffeaf61ac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatusEx 000007fefebc6784 5 bytes JMP 000007fffeae9474 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!StartServiceW 000007fefebc6824 5 bytes JMP 000007fffeae9460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus 000007fefebc687c 5 bytes JMP 000007fffeae8e94 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerA 000007fefebc6aa4 5 bytes JMP 000007fffeafa380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebc6c34 5 bytes JMP 000007fffeafa36c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!StartServiceA 000007fefebc6d00 5 bytes JMP 000007fffeb1b240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!QueryServiceObjectSecurity 000007fefebc6d58 5 bytes JMP 000007fffeb1b2dc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefebc6e00 5 bytes JMP 000007fffeb1b24c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefebc6f2c 5 bytes JMP 000007fffeb1b95c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefebc7220 5 bytes JMP 000007fffeb1b8f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefebc739c 5 bytes JMP 000007fffeb1b9d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefebc7538 5 bytes JMP 000007fffeb1b9c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefebc75e8 5 bytes JMP 000007fffeb1b77c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefebc790c 5 bytes JMP 000007fffeb05548 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefebc7ab4 5 bytes JMP 000007fffeb055d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigA 000007fefebc7b04 5 bytes JMP 000007fffeb1b2fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigW 000007fefebc7c34 5 bytes JMP 000007fffeaeecac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2A 000007fefebc7d78 5 bytes JMP 000007fffeb1b330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2W 000007fefebc8244 5 bytes JMP 000007fffeb1b310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA 000007fefebc99e4 5 bytes JMP 000007fffeb1b234 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW 000007fefebc9ac8 5 bytes JMP 000007fffeae6e4c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW 000007fefebca51c 5 bytes JMP 000007fffeae2c1c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA 000007fefebca530 5 bytes JMP 000007fffeb1b2d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW 000007fefebca5b0 5 bytes JMP 000007fffeae8e60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA 000007fefebca5c4 5 bytes JMP 000007fffeb1b2c4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange 000007fefebcbb28 5 bytes JMP 000007fffeaeda10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA 000007fefebcbb3c 5 bytes JMP 000007fffeb07440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!CreateWindowStationW 00000000771614c0 5 bytes JMP 0000000174c745b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!DdeInitializeW 0000000077164b74 5 bytes JMP 0000000174c72f40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077165350 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!OpenInputDesktop 0000000077166f00 5 bytes JMP 0000000174c75e00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!RegisterDeviceNotificationA 0000000077166fe4 5 bytes JMP 0000000174c6dd50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!UnregisterDeviceNotification 00000000771673b8 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetClassInfoA 0000000077167490 5 bytes JMP 0000000174c717c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetClassInfoExA 00000000771674c8 5 bytes JMP 0000000174c71680 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!EnumDesktopWindows 0000000077167d9c 5 bytes JMP 0000000174c74560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!ActivateKeyboardLayout 00000000771683c0 5 bytes JMP 0000000174c6dad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetParent 0000000077168530 5 bytes JMP 0000000174c75990 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077169bcc 5 bytes JMP 0000000174c78b20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!UnregisterClassA 0000000077169e70 5 bytes JMP 0000000174c71560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!RegisterClassA 0000000077169f68 5 bytes JMP 0000000174c713e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007716a2e0 5 bytes JMP 0000000174c6d510 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!PostMessageA 000000007716a404 5 bytes JMP 0000000174c77de0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!MoveWindow 000000007716aad0 5 bytes JMP 0000000174c6db40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007716b500 5 bytes JMP 0000000174c78f10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!UpdateLayeredWindowIndirect + 368 000000007716b830 5 bytes JMP 0000000174c6da30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetCursor 000000007716c930 5 bytes JMP 0000000174c75b10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!ScreenToClient 000000007716ca58 5 bytes JMP 0000000174c6e9d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!EnumThreadWindows 000000007716ce5c 5 bytes JMP 0000000174c74500 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!IsWindowEnabled 000000007716d15c 5 bytes JMP 0000000174c6e820 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!AttachThreadInput 000000007716d240 5 bytes JMP 0000000174c6ecc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!FindWindowW 000000007716d264 5 bytes JMP 0000000174c749b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007716d2b0 5 bytes JMP 0000000174c779e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SendMessageA 000000007716d338 5 bytes JMP 0000000174c77aa0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007716d440 5 bytes JMP 0000000174c75440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!UnregisterClassW 000000007716d464 5 bytes JMP 0000000174c714e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetForegroundWindow 000000007716d540 5 bytes JMP 0000000174c75c50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetThreadDesktop 000000007716d6d0 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetWindowTextW 000000007716d7a4 5 bytes JMP 0000000174c79bd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!OpenDesktopW 000000007716d870 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!EnumDesktopsW 000000007716d964 5 bytes JMP 0000000174c74570 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007716dc40 5 bytes JMP 0000000174c77db0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007716f874 5 bytes JMP 0000000174c757f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetUserObjectInformationW 000000007716f9c0 5 bytes JMP 0000000174c75e30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007716fac0 5 bytes JMP 0000000174c77ca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000077170810 5 bytes JMP 0000000174c6d2c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!RegisterClassW 00000000771708c0 5 bytes JMP 0000000174c712e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077170b74 5 bytes JMP 0000000174c77a40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!RegisterClassExW 0000000077170e9c 5 bytes JMP 0000000174c710e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetClassInfoExW 0000000077171550 5 bytes JMP 0000000174c715e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetClassInfoW 00000000771716d0 5 bytes JMP 0000000174c71720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!ClientToScreen 00000000771732b8 5 bytes JMP 0000000174c6e940 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetWindowLongW 00000000771733b0 5 bytes JMP 0000000174c78ad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetWindowLongPtrA 00000000771737c0 5 bytes JMP 0000000174c78c40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetWindowPos 0000000077173c50 5 bytes JMP 0000000174c6e4a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetWindow 0000000077174bf4 5 bytes JMP 0000000174c75930 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!EnumChildWindows 0000000077174ce0 5 bytes JMP 0000000174c74490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetIconInfo 0000000077174eec 5 bytes JMP 0000000174c75b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetClassNameW 0000000077174f28 5 bytes JMP 0000000174c71860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetClassLongPtrW 00000000771752a4 5 bytes JMP 0000000174c78cf0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!IsWindowUnicode 0000000077175360 5 bytes JMP 0000000174c6e840 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetWindowLongA 0000000077175408 5 bytes JMP 0000000174c78a90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetShellWindow 00000000771754a0 5 bytes JMP 0000000174c74df0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!EnumWindows 0000000077175e28 5 bytes JMP 0000000174c74480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!MonitorFromWindow 0000000077175f08 5 bytes JMP 0000000174c75ce0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!DispatchMessageA 0000000077176274 5 bytes JMP 0000000174c77170 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetClassLongW 0000000077176458 5 bytes JMP 0000000174c78b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SendMessageW 0000000077176b50 5 bytes JMP 0000000174c77b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetClientRect 0000000077176bc8 5 bytes JMP 0000000174c6ea60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetWindowRect 0000000077176c0c 5 bytes JMP 0000000174c6eb30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!MapWindowPoints 0000000077176cd4 5 bytes JMP 0000000174c6e870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetPropW 0000000077176f50 5 bytes JMP 0000000174c78670 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!RemovePropW 0000000077176fd0 5 bytes JMP 0000000174c78750 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771776c0 5 bytes JMP 0000000174c78e40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!PostMessageW 00000000771776e4 5 bytes JMP 0000000174c77e80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!IsWindow 0000000077177928 5 bytes JMP 0000000174c6e810 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetScrollInfo + 380 0000000077177ec0 5 bytes JMP 0000000174c74310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetWindowLongW 0000000077177f20 5 bytes JMP 0000000174c78a50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetPropW 0000000077178878 5 bytes JMP 0000000174c784d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetParent 00000000771789e4 5 bytes JMP 0000000174c75950 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetWindowInfo 0000000077178b08 5 bytes JMP 0000000174c6ec00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!IsIconic 0000000077178c5c 5 bytes JMP 0000000174c6e850 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!IsZoomed 0000000077178c8c 5 bytes JMP 0000000174c6e860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!IsWindowVisible 0000000077178d24 5 bytes JMP 0000000174c6e830 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetWindowLongPtrW 00000000771796c0 5 bytes JMP 0000000174c78b90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!DispatchMessageW 000000007717991c 5 bytes JMP 0000000174c771a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!AnimateWindow 000000007717bff0 5 bytes JMP 0000000174c6dda0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamW 000000007717ce40 5 bytes JMP 0000000174c73f50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!DialogBoxParamW 000000007717d410 5 bytes JMP 0000000174c74090 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetClipboardData 000000007717e874 5 bytes JMP 0000000174c766c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetPropA 000000007717f4cc 5 bytes JMP 0000000174c785a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771828e4 5 bytes JMP 0000000174c77d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!WaitForInputIdle 0000000077183fa0 5 bytes JMP 0000000174c6de30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW 0000000077184efc 5 bytes JMP 0000000174c73ec0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamW 0000000077184f70 5 bytes JMP 0000000174c73f90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!CloseClipboard 0000000077185a50 5 bytes JMP 0000000174c75f00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!OpenClipboard 0000000077185a70 5 bytes JMP 0000000174c75eb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW 0000000077187468 5 bytes JMP 0000000174c73e20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!CreateDialogParamW 000000007718751c 5 bytes JMP 0000000174c73fd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!FindWindowA 0000000077188270 5 bytes JMP 0000000174c74ab0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077188be0 5 bytes JMP 0000000174c77c60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077188c20 5 bytes JMP 0000000174c75770 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SendInput 0000000077188cd0 5 bytes JMP 0000000174c75d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!FindWindowExW 0000000077188d20 5 bytes JMP 0000000174c74bb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!BlockInput 000000007718ad60 5 bytes JMP 0000000174c75d70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!ClipCursor 000000007718adb0 5 bytes JMP 0000000174c75a00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!UserHandleGrantAccess 000000007718b400 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!EnumDesktopsA 000000007719ffa0 5 bytes JMP 0000000174c74580 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!CreateWindowStationA 00000000771a14c4 5 bytes JMP 0000000174c745d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!OpenDesktopA 00000000771a1724 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetCursorPos 00000000771a1f58 5 bytes JMP 0000000174c75be0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetDoubleClickTime 00000000771a1f70 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SwapMouseButton 00000000771a1fa4 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamA 00000000771a2be4 5 bytes JMP 0000000174c73fb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamA 00000000771a2c0c 5 bytes JMP 0000000174c73f70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!DialogBoxParamA 00000000771a2c34 5 bytes JMP 0000000174c740f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!CreateDialogParamA 00000000771a2cf8 5 bytes JMP 0000000174c74030 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000771b14e0 5 bytes JMP 0000000174c6db00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!EndTask 00000000771b1604 5 bytes JMP 0000000174c6dca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!DdeInitializeA 00000000771b24a8 5 bytes JMP 0000000174c72f80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!MessageBoxW 00000000771d1314 5 bytes JMP 0000000174c6dbb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!MessageBoxExW 00000000771d1394 5 bytes JMP 0000000174c6dc20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetClassNameA 00000000771db394 5 bytes JMP 0000000174c719b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetClassLongPtrA 00000000771dcb6c 5 bytes JMP 0000000174c78d00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetClassLongA 00000000771dcbac 5 bytes JMP 0000000174c78b80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!GetWindowTextA 00000000771dccd0 5 bytes JMP 0000000174c79c00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!RegisterClassExA 00000000771dd670 5 bytes JMP 0000000174c711e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!FindWindowExA 00000000771ddae0 5 bytes JMP 0000000174c74cd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!RemovePropA 00000000771dde90 5 bytes JMP 0000000174c787b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\USER32.dll!SetPropA 00000000771ddf94 5 bytes JMP 0000000174c786e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExW 000007fefea28724 6 bytes {JMP QWORD [RIP-0x2190854a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\GDI32.dll!GdiAddFontResourceW 000007fefea2a074 6 bytes {JMP QWORD [RIP-0x21909ec2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\GDI32.dll!GdiDllInitialize 000007fefea2ae78 6 bytes {JMP QWORD [RIP-0x2190acce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\GDI32.dll!RemoveFontResourceExW 000007fefea34784 6 bytes {JMP QWORD [RIP-0x219145ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\GDI32.dll!GetFontResourceInfoW + 1 000007fefea34845 5 bytes {JMP QWORD [RIP-0x21914682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExA 000007fefea491f0 6 bytes {JMP QWORD [RIP-0x2192901e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\GDI32.dll!CreateScalableFontResourceW + 1 000007fefea49f4d 5 bytes {JMP QWORD [RIP-0x21929d82]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateSessionsW 000007fefaed1430 6 bytes {JMP QWORD [RIP-0x1ddb1246]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WTSAPI32.dll!WTSQueryUserToken 000007fefaed18f0 6 bytes {JMP QWORD [RIP-0x1ddb170e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotification 000007fefaed1d00 6 bytes {JMP QWORD [RIP-0x1ddb1b06]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotification + 1 000007fefaed1e31 5 bytes {JMP QWORD [RIP-0x1ddb1c26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotificationEx 000007fefaed5030 6 bytes {JMP QWORD [RIP-0x1ddb4e2e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotificationEx 000007fefaed50b4 6 bytes {JMP QWORD [RIP-0x1ddb4ea2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateProcessesW 000007fefaed54b0 6 bytes {JMP QWORD [RIP-0x1ddb52be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\IMM32.DLL!ImmAssociateContext 000007fefeab1750 6 bytes {JMP QWORD [RIP-0x21991536]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\IMM32.DLL!ImmAssociateContextEx 000007fefeab8240 6 bytes {JMP QWORD [RIP-0x2199801e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ole32.dll!ReleaseStgMedium 000007fefebe9110 6 bytes {JMP QWORD [RIP-0x21ac8e86]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ole32.dll!CoCreateInstanceEx 000007fefebedcb0 6 bytes {JMP QWORD [RIP-0x21acda56]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec07210 6 bytes {JMP QWORD [RIP-0x21ae6fbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ole32.dll!CoUnmarshalInterface + 1 000007fefec0e689 5 bytes {JMP QWORD [RIP-0x21aee426]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ole32.dll!CoMarshalInterface 000007fefec0eedc 6 bytes {JMP QWORD [RIP-0x21aeec72]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ole32.dll!CoGetClassObject 000007fefec12b28 6 bytes {JMP QWORD [RIP-0x21af28de]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ole32.dll!RevokeDragDrop 000007fefed40ca0 6 bytes {JMP QWORD [RIP-0x21c20a1e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ole32.dll!RegisterDragDrop 000007fefed40da0 6 bytes {JMP QWORD [RIP-0x21c20b26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\ole32.dll!CoGetObject + 1 000007fefed43ca1 5 bytes {JMP QWORD [RIP-0x21c23a2e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\wkscli.dll!NetUseAdd 000007fefaef21f0 6 bytes {JMP QWORD [RIP-0x1ddd1f5e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\SSPICLI.DLL!LsaRegisterLogonProcess + 1 000007fefcdc9211 5 bytes {JMP QWORD [RIP-0x1fca8f76]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd8845c1 5 bytes {JMP QWORD [RIP-0x20764316]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WS2_32.dll!WSANSPIoctl 000007fefd8a44c0 6 bytes {JMP QWORD [RIP-0x2078421e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd8ae0f0 6 bytes {JMP QWORD [RIP-0x2078de3e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\CRYPT32.dll!CertGetCertificateChain 000007fefd260ba0 6 bytes {JMP QWORD [RIP-0x201408d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\CRYPT32.dll!CryptUnprotectData + 1 000007fefd2791b9 5 bytes {JMP QWORD [RIP-0x20158ef6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\CRYPT32.dll!CryptProtectData 000007fefd2796d4 6 bytes {JMP QWORD [RIP-0x2015941a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\pdh.dll!PdhLookupPerfNameByIndexW 000007fef8989e5c 6 bytes {JMP QWORD [RIP-0x1b869b82]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\pdh.dll!PdhConnectMachineW 000007fef89b3000 6 bytes {JMP QWORD [RIP-0x1b892d2e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\IPHLPAPI.DLL!CancelMibChangeNotify2 000007fefad36ff4 6 bytes {JMP QWORD [RIP-0x1dc16cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\IPHLPAPI.DLL!IcmpCloseHandle 000007fefad37cc0 6 bytes {JMP QWORD [RIP-0x1dc179ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\IPHLPAPI.DLL!IcmpSendEcho2Ex 000007fefad37f5c 6 bytes {JMP QWORD [RIP-0x1dc17c4a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\IPHLPAPI.DLL!IcmpCreateFile 000007fefad38250 6 bytes {JMP QWORD [RIP-0x1dc17f6e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\IPHLPAPI.DLL!IcmpSendEcho 000007fefad38340 6 bytes {JMP QWORD [RIP-0x1dc18046]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\IPHLPAPI.DLL!IcmpSendEcho2 000007fefad3839c 6 bytes {JMP QWORD [RIP-0x1dc1809a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\IPHLPAPI.DLL!NotifyRouteChange2 000007fefad394b0 6 bytes {JMP QWORD [RIP-0x1dc19196]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\IPHLPAPI.DLL!Icmp6SendEcho2 000007fefad39ce0 6 bytes {JMP QWORD [RIP-0x1dc199d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\IPHLPAPI.DLL!Icmp6CreateFile 000007fefad3a030 6 bytes {JMP QWORD [RIP-0x1dc19d46]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WINNSI.DLL!NsiRpcRegisterChangeNotification 000007fefad21910 6 bytes {JMP QWORD [RIP-0x1dc015e6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\SETUPAPI.dll!VerifyCatalogFile + 1 000007fefef36799 5 bytes {JMP QWORD [RIP-0x21e16466]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\CFGMGR32.dll!CM_Add_Driver_PackageW 000007fefd0275f8 6 bytes {JMP QWORD [RIP-0x1ff072be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\CFGMGR32.dll!CM_Add_Driver_Package_ExW 000007fefd027650 6 bytes {JMP QWORD [RIP-0x1ff0730e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\System32\wevtapi.dll!EvtIntAssertConfig 000007fefca400a0 6 bytes {JMP QWORD [RIP-0x1f91fd56]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WINSTA.dll!WinStationIsSessionRemoteable 000007fefcf11578 6 bytes {JMP QWORD [RIP-0x1fdf11f6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WINSTA.dll!WinStationQueryInformationW 000007fefcf116d4 6 bytes {JMP QWORD [RIP-0x1fdf1362]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WINSTA.dll!WinStationEnumerateW 000007fefcf12530 6 bytes {JMP QWORD [RIP-0x1fdf21c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WINSTA.dll!WinStationFreeMemory 000007fefcf12a64 6 bytes {JMP QWORD [RIP-0x1fdf26ea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WINSTA.dll!WinStationNameFromLogonIdW 000007fefcf15190 6 bytes {JMP QWORD [RIP-0x1fdf4e06]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WINSTA.dll!WinStationGetConnectionProperty 000007fefcf15fa4 6 bytes {JMP QWORD [RIP-0x1fdf5c12]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WINSTA.dll!WinStationOpenServerW 000007fefcf16788 6 bytes {JMP QWORD [RIP-0x1fdf6436]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WINSTA.dll!WinStationCloseServer 000007fefcf16808 6 bytes {JMP QWORD [RIP-0x1fdf64ae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WINSTA.dll!WinStationDisconnect 000007fefcf1898c 6 bytes {JMP QWORD [RIP-0x1fdf862a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3568] C:\Windows\system32\WINSTA.dll!WinStationFreePropertyValue + 1 000007fefcf1fafd 5 bytes {JMP QWORD [RIP-0x1fdff762]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772822f0 5 bytes JMP 0000000174c883b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077286290 5 bytes JMP 0000000174c882f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk 000000007728a430 5 bytes JMP 0000000100030880 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077295140 5 bytes JMP 0000000174c8d350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentDirectory_U 00000000772a5d20 5 bytes JMP 0000000174c66cc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentDirectory_U 00000000772a6050 5 bytes JMP 0000000174c66f30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!LdrQueryImageFileExecutionOptions 00000000772a66e0 5 bytes JMP 0000000174c88470 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter 00000000772abe60 6 bytes [51, 48, B8, 00, 12, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter + 8 00000000772abe68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForSingleObject + 8 00000000772abe78 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 00000000772abe90 6 bytes JMP 0000000174c5d910 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 00000000772abe98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba1e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 8 00000000772abea8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b1b88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000772abeb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletion + 8 00000000772abec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseSemaphore + 8 00000000772abed8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 8 00000000772abee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort + 8 00000000772abef8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1438} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772abf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent + 8 00000000772abf18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf418} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dea08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 8 00000000772abf38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bee18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationFile + 8 00000000772abf48 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db028} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000772abf58 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey + 8 00000000772abf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtFindAtom + 8 00000000772abf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultLocale + 8 00000000772abf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryKey + 8 00000000772abf98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey + 8 00000000772abfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 8 00000000772abfb8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1fc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess + 8 00000000772abfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects32 + 8 00000000772abfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather + 8 00000000772abfe8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1f78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000772abff8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9ee8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000772ac008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 8 00000000772ac018 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf6f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 8 00000000772ac028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseMutant + 8 00000000772ac038 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec0c8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 00000000772ac048 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfcd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 8 00000000772ac058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9deb38} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory + 8 00000000772ac068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772ac078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 8 00000000772ac088 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec948} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772ac098 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf8f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772ac0a8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm 00000000772ac0c0 6 bytes [51, 48, B8, 60, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm + 8 00000000772ac0c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772ac0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 8 00000000772ac0e8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority 00000000772ac100 6 bytes [51, 48, B8, A0, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority + 8 00000000772ac108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter + 8 00000000772ac118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772ac128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772ac138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter + 8 00000000772ac148 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da228} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey + 8 00000000772ac158 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772ac168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution + 8 00000000772ac178 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba0d8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8 00000000772ac188 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformation + 8 00000000772ac198 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d25b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000772ac1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimer + 8 00000000772ac1b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bc838} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 8 00000000772ac1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000772ac1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCloseObjectAuditAlarm + 8 00000000772ac1e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000772ac1f8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 2 00000000772ac202 4 bytes {JMP 0xfffffffffd9bbb90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772ac208 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent + 8 00000000772ac218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 8 00000000772ac228 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1b08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000772ac238 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ebfb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 00000000772ac248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateToken + 8 00000000772ac258 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage 00000000772ac270 6 bytes [51, 48, B8, 10, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage + 8 00000000772ac278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000772ac288 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom 00000000772ac2a0 6 bytes [51, 48, B8, 40, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom + 8 00000000772ac2a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d18b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000772ac2b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bcbc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVolumeInformationFile + 8 00000000772ac2c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d2238} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000772ac2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile + 8 00000000772ac2e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtApphelpCacheControl + 8 00000000772ac2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000772ac308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000772ac318 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtIsProcessInJob + 8 00000000772ac328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 00000000772ac338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySection + 8 00000000772ac348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8 00000000772ac358 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData 00000000772ac370 6 bytes [51, 48, B8, 10, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData + 8 00000000772ac378 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf278} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent + 8 00000000772ac398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteRequestData + 8 00000000772ac3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000772ac3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + 8 00000000772ac3c8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects 00000000772ac3e0 6 bytes [51, 48, B8, 80, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects + 8 00000000772ac3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationObject + 8 00000000772ac3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFile + 8 00000000772ac408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2318} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTraceEvent + 8 00000000772ac418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtPowerInformation + 8 00000000772ac428 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d88e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000772ac438 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCancelTimer + 8 00000000772ac448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimer + 8 00000000772ac458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAcceptConnectPort + 8 00000000772ac468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheck + 8 00000000772ac478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType + 8 00000000772ac488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultList + 8 00000000772ac498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm + 8 00000000772ac4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 8 00000000772ac4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 8 00000000772ac4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAddDriverEntry + 8 00000000772ac4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustGroupsToken + 8 00000000772ac4e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlertResumeThread + 8 00000000772ac4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlertThread + 8 00000000772ac508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateLocallyUniqueId + 8 00000000772ac518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateReserveObject + 8 00000000772ac528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUserPhysicalPages + 8 00000000772ac538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUuids + 8 00000000772ac548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCancelMessage + 8 00000000772ac568 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0de8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0c68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePortSection + 8 00000000772ac598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateResourceReserve + 8 00000000772ac5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSectionView + 8 00000000772ac5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSecurityContext + 8 00000000772ac5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeletePortSection + 8 00000000772ac5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteResourceReserve + 8 00000000772ac5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSectionView + 8 00000000772ac5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSecurityContext + 8 00000000772ac608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDisconnectPort + 8 00000000772ac618 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf118} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort + 8 00000000772ac628 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderProcess + 8 00000000772ac638 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderThread + 8 00000000772ac648 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformation + 8 00000000772ac658 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformationMessage + 8 00000000772ac668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcRevokeSecurityContext + 8 00000000772ac678 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf878} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSetInformation + 8 00000000772ac698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAreMappedFilesTheSame + 8 00000000772ac6a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 8 00000000772ac6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFileEx + 8 00000000772ac6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCancelSynchronousIoFile + 8 00000000772ac6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCommitComplete + 8 00000000772ac6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCommitEnlistment + 8 00000000772ac6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCommitTransaction + 8 00000000772ac708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCompactKeys + 8 00000000772ac718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCompareTokens + 8 00000000772ac728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCompleteConnectPort + 8 00000000772ac738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCompressKey + 8 00000000772ac748 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0538} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDebugObject + 8 00000000772ac768 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDirectoryObject + 8 00000000772ac778 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEnlistment + 8 00000000772ac788 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 8 00000000772ac798 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000772ac7a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2078} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobObject + 8 00000000772ac7b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobSet + 8 00000000772ac7c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyTransacted + 8 00000000772ac7d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000772ac7e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9388} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMailslotFile + 8 00000000772ac7f8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d16a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000772ac808 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9528} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000772ac818 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePagingFile + 8 00000000772ac828 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000772ac832 4 bytes {JMP 0xfffffffffd9d0290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 8 00000000772ac838 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePrivateNamespace + 8 00000000772ac848 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000772ac858 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfile + 8 00000000772ac868 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfileEx + 8 00000000772ac878 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateResourceManager + 8 00000000772ac888 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1938} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000772ac898 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 8 00000000772ac8a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000772ac8b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000772ac8c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateToken + 8 00000000772ac8d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransaction + 8 00000000772ac8e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransactionManager + 8 00000000772ac8f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 8 00000000772ac908 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort + 8 00000000772ac918 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWorkerFactory + 8 00000000772ac928 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 8 00000000772ac938 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugContinue + 8 00000000772ac948 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteAtom + 8 00000000772ac958 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 8 00000000772ac968 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteDriverEntry + 8 00000000772ac978 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bef58} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000772ac988 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daa68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 00000000772ac998 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteObjectAuditAlarm + 8 00000000772ac9a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeletePrivateNamespace + 8 00000000772ac9b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 00000000772ac9c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDisableLastKnownGood + 8 00000000772ac9d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDisplayString + 8 00000000772ac9e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDrawText + 8 00000000772ac9f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtEnableLastKnownGood + 8 00000000772aca08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateBootEntries + 8 00000000772aca18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateDriverEntries + 8 00000000772aca28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + 8 00000000772aca38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateTransactionObject + 8 00000000772aca48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtExtendSection + 8 00000000772aca58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtFilterToken + 8 00000000772aca68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstallUILanguage + 8 00000000772aca78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstructionCache + 8 00000000772aca88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtFlushKey + 8 00000000772aca98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtFlushProcessWriteBuffers + 8 00000000772acaa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtFlushVirtualMemory + 8 00000000772acab8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtFlushWriteBuffer + 8 00000000772acac8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtFreeUserPhysicalPages + 8 00000000772acad8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeRegistry + 8 00000000772acae8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeTransactions + 8 00000000772acaf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 8 00000000772acb08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtGetCurrentProcessorNumber + 8 00000000772acb18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtGetDevicePowerState + 8 00000000772acb28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtGetMUIRegistryInfo + 8 00000000772acb38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 8 00000000772acb48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 8 00000000772acb58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtGetNlsSectionPtr + 8 00000000772acb68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtGetNotificationResourceManager + 8 00000000772acb78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtGetPlugPlayEvent + 8 00000000772acb88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtGetWriteWatch + 8 00000000772acb98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateAnonymousToken + 8 00000000772acba8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebf8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateThread + 8 00000000772acbb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeNlsFiles + 8 00000000772acbc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeRegistry + 8 00000000772acbd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtInitiatePowerAction + 8 00000000772acbe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtIsSystemResumeAutomatic + 8 00000000772acbf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtIsUILanguageComitted + 8 00000000772acc08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtListenPort + 8 00000000772acc18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dbc78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000772acc28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d76a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey + 8 00000000772acc38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey2 + 8 00000000772acc48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKeyEx + 8 00000000772acc58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLockFile + 8 00000000772acc68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLockProductActivationKeys + 8 00000000772acc78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLockRegistryKey + 8 00000000772acc88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLockVirtualMemory + 8 00000000772acc98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtMakePermanentObject + 8 00000000772acca8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject + 8 00000000772accb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtMapCMFModule + 8 00000000772accc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPages + 8 00000000772accd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 8 00000000772acce8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyDriverEntry + 8 00000000772accf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeDirectoryFile + 8 00000000772acd08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d81b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 8 00000000772acd18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 8 00000000772acd28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeSession + 8 00000000772acd38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEnlistment + 8 00000000772acd48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair + 8 00000000772acd58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000772acd68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenJobObject + 8 00000000772acd78 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9138} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000772acd88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransacted + 8 00000000772acd98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransactedEx + 8 00000000772acda8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000772acdb8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 2 00000000772acdc2 4 bytes {JMP 0xfffffffffd9d1290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000772acdc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenObjectAuditAlarm + 8 00000000772acdd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenPrivateNamespace + 8 00000000772acde8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772acdf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager + 8 00000000772ace08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1588} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000772ace18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSession + 8 00000000772ace28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000772ace38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eb038} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772ace48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000772ace58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransaction + 8 00000000772ace68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransactionManager + 8 00000000772ace78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtPlugPlayControl + 8 00000000772ace88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareComplete + 8 00000000772ace98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareEnlistment + 8 00000000772acea8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareComplete + 8 00000000772aceb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareEnlistment + 8 00000000772acec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeCheck + 8 00000000772aced8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeObjectAuditAlarm + 8 00000000772acee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegedServiceAuditAlarm + 8 00000000772acef8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationComplete + 8 00000000772acf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationFailed + 8 00000000772acf18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtPulseEvent + 8 00000000772acf28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootEntryOrder + 8 00000000772acf38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootOptions + 8 00000000772acf48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDebugFilterState + 8 00000000772acf58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryObject + 8 00000000772acf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDriverEntryOrder + 8 00000000772acf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEaFile + 8 00000000772acf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bae58} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772acf98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom + 8 00000000772acfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationEnlistment + 8 00000000772acfb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationJobObject + 8 00000000772acfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationPort + 8 00000000772acfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationResourceManager + 8 00000000772acfe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransaction + 8 00000000772acff8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransactionManager + 8 00000000772ad008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationWorkerFactory + 8 00000000772ad018 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInstallUILanguage + 8 00000000772ad028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIntervalProfile + 8 00000000772ad038 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIoCompletion + 8 00000000772ad048 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue + 8 00000000772ad058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9c88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 8 00000000772ad068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMutant + 8 00000000772ad078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeys + 8 00000000772ad088 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeysEx + 8 00000000772ad098 12 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 5 00000000772ad0a5 1 byte [03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 8 00000000772ad0a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryQuotaInformationFile + 8 00000000772ad0b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityAttributesToken + 8 00000000772ad0c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eae18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityObject + 8 00000000772ad0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySemaphore + 8 00000000772ad0e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySymbolicLinkObject + 8 00000000772ad0f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValue + 8 00000000772ad108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValueEx + 8 00000000772ad118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformationEx + 8 00000000772ad128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimerResolution + 8 00000000772ad138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 8 00000000772ad148 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000772ad160 6 bytes [51, 48, B8, 00, 25, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000772ad168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReadOnlyEnlistment + 8 00000000772ad178 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverEnlistment + 8 00000000772ad188 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverResourceManager + 8 00000000772ad198 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverTransactionManager + 8 00000000772ad1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterProtocolAddressInformation + 8 00000000772ad1b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterThreadTerminatePort + 8 00000000772ad1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseKeyedEvent + 8 00000000772ad1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseWorkerFactoryWorker + 8 00000000772ad1e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletionEx + 8 00000000772ad1f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveProcessDebug + 8 00000000772ad208 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey + 8 00000000772ad218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRenameTransactionManager + 8 00000000772ad228 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplaceKey + 8 00000000772ad238 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplacePartitionUnit + 8 00000000772ad248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReplyPort + 8 00000000772ad258 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRequestPort + 8 00000000772ad268 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtResetEvent + 8 00000000772ad278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtResetWriteWatch + 8 00000000772ad288 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRestoreKey + 8 00000000772ad298 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess + 8 00000000772ad2a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackComplete + 8 00000000772ad2b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackEnlistment + 8 00000000772ad2c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackTransaction + 8 00000000772ad2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtRollforwardTransactionManager + 8 00000000772ad2e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f0068} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKey + 8 00000000772ad2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKeyEx + 8 00000000772ad308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSaveMergedKeys + 8 00000000772ad318 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSerializeBoot + 8 00000000772ad338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 8 00000000772ad348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 8 00000000772ad358 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000772ad368 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetDebugFilterState + 8 00000000772ad378 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultHardErrorPort + 8 00000000772ad388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultLocale + 8 00000000772ad398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultUILanguage + 8 00000000772ad3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetDriverEntryOrder + 8 00000000772ad3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetEaFile + 8 00000000772ad3c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighEventPair + 8 00000000772ad3d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighWaitLowEventPair + 8 00000000772ad3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationDebugObject + 8 00000000772ad3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationEnlistment + 8 00000000772ad408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1728} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationJobObject + 8 00000000772ad418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationKey + 8 00000000772ad428 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationResourceManager + 8 00000000772ad438 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ead88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationToken + 8 00000000772ad448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransaction + 8 00000000772ad458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransactionManager + 8 00000000772ad468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationWorkerFactory + 8 00000000772ad478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetIntervalProfile + 8 00000000772ad488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletion + 8 00000000772ad498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletionEx + 8 00000000772ad4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetLdtEntries + 8 00000000772ad4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowEventPair + 8 00000000772ad4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowWaitHighEventPair + 8 00000000772ad4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetQuotaInformationFile + 8 00000000772ad4e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eab18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 8 00000000772ad4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValue + 8 00000000772ad508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValueEx + 8 00000000772ad518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000772ad528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 8 00000000772ad538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime + 8 00000000772ad548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetThreadExecutionState + 8 00000000772ad558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerEx + 8 00000000772ad568 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerResolution + 8 00000000772ad578 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetUuidSeed + 8 00000000772ad588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetVolumeInformationFile + 8 00000000772ad598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem + 8 00000000772ad5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownWorkerFactory + 8 00000000772ad5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSignalAndWaitForSingleObject + 8 00000000772ad5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSinglePhaseReject + 8 00000000772ad5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtStartProfile + 8 00000000772ad5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtStopProfile + 8 00000000772ad5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000772ad608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000772ad618 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000772ad628 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert 00000000772ad640 6 bytes [51, 48, B8, E0, 29, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert + 8 00000000772ad648 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtThawRegistry + 8 00000000772ad658 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtThawTransactions + 8 00000000772ad668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTraceControl + 8 00000000772ad678 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTranslateFilePath + 8 00000000772ad688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtUmsThreadYield + 8 00000000772ad698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadDriver + 8 00000000772ad6a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey + 8 00000000772ad6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey2 + 8 00000000772ad6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKeyEx + 8 00000000772ad6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockFile + 8 00000000772ad6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockVirtualMemory + 8 00000000772ad6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000772ad708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForDebugEvent + 8 00000000772ad718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForKeyedEvent + 8 00000000772ad728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForWorkViaWorkerFactory + 8 00000000772ad738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWaitHighEventPair + 8 00000000772ad748 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 8 00000000772ad758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWorkerFactoryWorkerReady + 8 00000000772ad768 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!RtlGetFullPathName_UEx 00000000772b0cd0 5 bytes JMP 0000000174c671d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\kernel32.dll!CreateActCtxW 000000007705a180 5 bytes JMP 0000000174c9da80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007705dae0 5 bytes JMP 0000000174c8e480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\kernel32.dll!SetLocaleInfoA 00000000770af430 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\kernel32.dll!AllocConsole 00000000770c5c60 5 bytes JMP 0000000174c72120 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000770cf690 5 bytes JMP 0000000174c5e7e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\kernel32.dll!ReplaceFile 00000000770d4390 5 bytes JMP 0000000174c6b4e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\kernel32.dll!WinExec 00000000770db4b0 5 bytes JMP 0000000174c8d4e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\KERNELBASE.dll!GetFinalPathNameByHandleW 000007fefd189100 6 bytes {JMP QWORD [RIP-0x200690fe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd1b0250 6 bytes {JMP QWORD [RIP-0x20090256]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesW 000007fefeae1460 6 bytes {JMP QWORD [RIP-0x219c13b6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CloseEventLog + 1 000007fefeae9271 5 bytes {JMP QWORD [RIP-0x219c923e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!QueryServiceStatusEx 000007fefeae9474 6 bytes {JMP QWORD [RIP-0x219c943a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryW 000007fefeaeab20 6 bytes {JMP QWORD [RIP-0x219ca9b6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!SetSecurityInfo 000007fefeaeb210 6 bytes {JMP QWORD [RIP-0x219cb096]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!GetSecurityInfo 000007fefeaedad0 6 bytes {JMP QWORD [RIP-0x219cd94e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExW 000007fefeaeeb20 6 bytes {JMP QWORD [RIP-0x219ceab6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!ReportEventW 000007fefeaf0050 6 bytes {JMP QWORD [RIP-0x219d0026]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!LookupAccountNameW 000007fefeaf0b24 6 bytes {JMP QWORD [RIP-0x219d09ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceW + 1 000007fefeaf6031 5 bytes {JMP QWORD [RIP-0x219d601e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!DeregisterEventSource 000007fefeafa5a0 6 bytes {JMP QWORD [RIP-0x219da586]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb05548 6 bytes {JMP QWORD [RIP-0x219e5476]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameW 000007fefeb056a0 6 bytes {JMP QWORD [RIP-0x219e5616]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameW 000007fefeb05770 6 bytes {JMP QWORD [RIP-0x219e56d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceA + 1 000007fefeb07461 5 bytes {JMP QWORD [RIP-0x219e7456]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!QueryServiceObjectSecurity 000007fefeb1b2dc 6 bytes {JMP QWORD [RIP-0x219fb22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2W 000007fefeb1b310 6 bytes {JMP QWORD [RIP-0x219fb2c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2A 000007fefeb1b330 6 bytes {JMP QWORD [RIP-0x219fb2ee]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeb1b77c 6 bytes {JMP QWORD [RIP-0x219fb6b2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CreateRestrictedToken 000007fefeb1b7fc 6 bytes {JMP QWORD [RIP-0x219fb68a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefeb1b8f0 6 bytes {JMP QWORD [RIP-0x219fb80e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefeb1b95c 6 bytes {JMP QWORD [RIP-0x219fb882]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CredRenameA 000007fefeb22d50 6 bytes {JMP QWORD [RIP-0x21a02c1e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!GetEffectiveRightsFromAclW 000007fefeb25b00 6 bytes {JMP QWORD [RIP-0x21a05976]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesA 000007fefeb2d170 6 bytes {JMP QWORD [RIP-0x21a0d0ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExA 000007fefeb2d2e0 6 bytes {JMP QWORD [RIP-0x21a0d27e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusA 000007fefeb2d4e0 6 bytes {JMP QWORD [RIP-0x21a0d48e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusW 000007fefeb2d8e0 6 bytes {JMP QWORD [RIP-0x21a0d886]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!UnlockServiceDatabase 000007fefeb2d930 6 bytes {JMP QWORD [RIP-0x21a0d86e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusW 000007fefeb2d9a0 6 bytes {JMP QWORD [RIP-0x21a0d926]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusA 000007fefeb2dab0 6 bytes {JMP QWORD [RIP-0x21a0da3e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!LockServiceDatabase 000007fefeb2dbc0 6 bytes {JMP QWORD [RIP-0x21a0db06]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameA 000007fefeb2dc40 6 bytes {JMP QWORD [RIP-0x21a0dbbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameA 000007fefeb2dcd0 6 bytes {JMP QWORD [RIP-0x21a0dc3e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CredDeleteW 000007fefeb40910 6 bytes {JMP QWORD [RIP-0x21a207ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CredDeleteA 000007fefeb409d0 6 bytes {JMP QWORD [RIP-0x21a20896]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!ReportEventA 000007fefeb41cc0 6 bytes {JMP QWORD [RIP-0x21a21c9e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryA 000007fefeb4c860 6 bytes {JMP QWORD [RIP-0x21a2c6fe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsW 000007fefeb4d820 6 bytes {JMP QWORD [RIP-0x21a2d6f6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsA 000007fefeb4d950 6 bytes {JMP QWORD [RIP-0x21a2d82e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsW 000007fefeb4da80 6 bytes {JMP QWORD [RIP-0x21a2d966]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsA 000007fefeb4db60 6 bytes {JMP QWORD [RIP-0x21a2da4e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CredEnumerateW 000007fefeb4dc60 6 bytes {JMP QWORD [RIP-0x21a2db0e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CredEnumerateA 000007fefeb4dd90 6 bytes {JMP QWORD [RIP-0x21a2dc46]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CredReadW 000007fefeb4dec0 6 bytes {JMP QWORD [RIP-0x21a2ddb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CredReadA 000007fefeb4dfd0 6 bytes {JMP QWORD [RIP-0x21a2dece]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CredWriteW 000007fefeb4e0e0 6 bytes {JMP QWORD [RIP-0x21a2dfe6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CredWriteA 000007fefeb4e190 6 bytes {JMP QWORD [RIP-0x21a2e09e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithTokenW 000007fefeb50c80 6 bytes {JMP QWORD [RIP-0x21a30b96]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefebc642c 5 bytes JMP 000007fffeb055e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebc6484 5 bytes JMP 000007fffeaee870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefebc6518 5 bytes JMP 000007fffeafae24 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerW 000007fefebc659c 5 bytes JMP 000007fffeaee858 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatus 000007fefebc6730 5 bytes JMP 000007fffeaf61ac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatusEx 000007fefebc6784 5 bytes JMP 000007fffeae9474 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!StartServiceW 000007fefebc6824 5 bytes JMP 000007fffeae9460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus 000007fefebc687c 5 bytes JMP 000007fffeae8e94 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerA 000007fefebc6aa4 5 bytes JMP 000007fffeafa380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebc6c34 5 bytes JMP 000007fffeafa36c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!StartServiceA 000007fefebc6d00 5 bytes JMP 000007fffeb1b240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!QueryServiceObjectSecurity 000007fefebc6d58 5 bytes JMP 000007fffeb1b2dc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefebc6e00 5 bytes JMP 000007fffeb1b24c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefebc6f2c 5 bytes JMP 000007fffeb1b95c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefebc7220 5 bytes JMP 000007fffeb1b8f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefebc739c 5 bytes JMP 000007fffeb1b9d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefebc7538 5 bytes JMP 000007fffeb1b9c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefebc75e8 5 bytes JMP 000007fffeb1b77c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefebc790c 5 bytes JMP 000007fffeb05548 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefebc7ab4 5 bytes JMP 000007fffeb055d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigA 000007fefebc7b04 5 bytes JMP 000007fffeb1b2fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigW 000007fefebc7c34 5 bytes JMP 000007fffeaeecac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2A 000007fefebc7d78 5 bytes JMP 000007fffeb1b330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2W 000007fefebc8244 5 bytes JMP 000007fffeb1b310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA 000007fefebc99e4 5 bytes JMP 000007fffeb1b234 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW 000007fefebc9ac8 5 bytes JMP 000007fffeae6e4c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW 000007fefebca51c 5 bytes JMP 000007fffeae2c1c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA 000007fefebca530 5 bytes JMP 000007fffeb1b2d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW 000007fefebca5b0 5 bytes JMP 000007fffeae8e60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA 000007fefebca5c4 5 bytes JMP 000007fffeb1b2c4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange 000007fefebcbb28 5 bytes JMP 000007fffeaeda10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA 000007fefebcbb3c 5 bytes JMP 000007fffeb07440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!CreateWindowStationW 00000000771614c0 5 bytes JMP 0000000174c745b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!DdeInitializeW 0000000077164b74 5 bytes JMP 0000000174c72f40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077165350 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!OpenInputDesktop 0000000077166f00 5 bytes JMP 0000000174c75e00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!RegisterDeviceNotificationA 0000000077166fe4 5 bytes JMP 0000000174c6dd50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!UnregisterDeviceNotification 00000000771673b8 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetClassInfoA 0000000077167490 5 bytes JMP 0000000174c717c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetClassInfoExA 00000000771674c8 5 bytes JMP 0000000174c71680 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!EnumDesktopWindows 0000000077167d9c 5 bytes JMP 0000000174c74560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!ActivateKeyboardLayout 00000000771683c0 5 bytes JMP 0000000174c6dad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetParent 0000000077168530 5 bytes JMP 0000000174c75990 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077169bcc 5 bytes JMP 0000000174c78b20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!UnregisterClassA 0000000077169e70 5 bytes JMP 0000000174c71560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!RegisterClassA 0000000077169f68 5 bytes JMP 0000000174c713e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007716a2e0 5 bytes JMP 0000000174c6d510 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!PostMessageA 000000007716a404 5 bytes JMP 0000000174c77de0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!MoveWindow 000000007716aad0 5 bytes JMP 0000000174c6db40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007716b500 5 bytes JMP 0000000174c78f10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!UpdateLayeredWindowIndirect + 368 000000007716b830 5 bytes JMP 0000000174c6da30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetCursor 000000007716c930 5 bytes JMP 0000000174c75b10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!ScreenToClient 000000007716ca58 5 bytes JMP 0000000174c6e9d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!EnumThreadWindows 000000007716ce5c 5 bytes JMP 0000000174c74500 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!IsWindowEnabled 000000007716d15c 5 bytes JMP 0000000174c6e820 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!AttachThreadInput 000000007716d240 5 bytes JMP 0000000174c6ecc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!FindWindowW 000000007716d264 5 bytes JMP 0000000174c749b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007716d2b0 5 bytes JMP 0000000174c779e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SendMessageA 000000007716d338 5 bytes JMP 0000000174c77aa0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007716d440 5 bytes JMP 0000000174c75440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!UnregisterClassW 000000007716d464 5 bytes JMP 0000000174c714e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetForegroundWindow 000000007716d540 5 bytes JMP 0000000174c75c50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetThreadDesktop 000000007716d6d0 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetWindowTextW 000000007716d7a4 5 bytes JMP 0000000174c79bd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!OpenDesktopW 000000007716d870 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!EnumDesktopsW 000000007716d964 5 bytes JMP 0000000174c74570 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007716dc40 5 bytes JMP 0000000174c77db0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007716f874 5 bytes JMP 0000000174c757f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetUserObjectInformationW 000000007716f9c0 5 bytes JMP 0000000174c75e30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007716fac0 5 bytes JMP 0000000174c77ca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000077170810 5 bytes JMP 0000000174c6d2c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!RegisterClassW 00000000771708c0 5 bytes JMP 0000000174c712e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077170b74 5 bytes JMP 0000000174c77a40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!RegisterClassExW 0000000077170e9c 5 bytes JMP 0000000174c710e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetClassInfoExW 0000000077171550 5 bytes JMP 0000000174c715e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetClassInfoW 00000000771716d0 5 bytes JMP 0000000174c71720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!ClientToScreen 00000000771732b8 5 bytes JMP 0000000174c6e940 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetWindowLongW 00000000771733b0 5 bytes JMP 0000000174c78ad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetWindowLongPtrA 00000000771737c0 5 bytes JMP 0000000174c78c40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetWindowPos 0000000077173c50 5 bytes JMP 0000000174c6e4a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetWindow 0000000077174bf4 5 bytes JMP 0000000174c75930 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!EnumChildWindows 0000000077174ce0 5 bytes JMP 0000000174c74490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetIconInfo 0000000077174eec 5 bytes JMP 0000000174c75b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetClassNameW 0000000077174f28 5 bytes JMP 0000000174c71860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetClassLongPtrW 00000000771752a4 5 bytes JMP 0000000174c78cf0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!IsWindowUnicode 0000000077175360 5 bytes JMP 0000000174c6e840 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetWindowLongA 0000000077175408 5 bytes JMP 0000000174c78a90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetShellWindow 00000000771754a0 5 bytes JMP 0000000174c74df0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!EnumWindows 0000000077175e28 5 bytes JMP 0000000174c74480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!MonitorFromWindow 0000000077175f08 5 bytes JMP 0000000174c75ce0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!DispatchMessageA 0000000077176274 5 bytes JMP 0000000174c77170 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetClassLongW 0000000077176458 5 bytes JMP 0000000174c78b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SendMessageW 0000000077176b50 5 bytes JMP 0000000174c77b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetClientRect 0000000077176bc8 5 bytes JMP 0000000174c6ea60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetWindowRect 0000000077176c0c 5 bytes JMP 0000000174c6eb30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!MapWindowPoints 0000000077176cd4 5 bytes JMP 0000000174c6e870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetPropW 0000000077176f50 5 bytes JMP 0000000174c78670 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!RemovePropW 0000000077176fd0 5 bytes JMP 0000000174c78750 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771776c0 5 bytes JMP 0000000174c78e40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!PostMessageW 00000000771776e4 5 bytes JMP 0000000174c77e80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!IsWindow 0000000077177928 5 bytes JMP 0000000174c6e810 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetScrollInfo + 380 0000000077177ec0 5 bytes JMP 0000000174c74310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetWindowLongW 0000000077177f20 5 bytes JMP 0000000174c78a50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetPropW 0000000077178878 5 bytes JMP 0000000174c784d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetParent 00000000771789e4 5 bytes JMP 0000000174c75950 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetWindowInfo 0000000077178b08 5 bytes JMP 0000000174c6ec00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!IsIconic 0000000077178c5c 5 bytes JMP 0000000174c6e850 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!IsZoomed 0000000077178c8c 5 bytes JMP 0000000174c6e860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!IsWindowVisible 0000000077178d24 5 bytes JMP 0000000174c6e830 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetWindowLongPtrW 00000000771796c0 5 bytes JMP 0000000174c78b90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!DispatchMessageW 000000007717991c 5 bytes JMP 0000000174c771a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!AnimateWindow 000000007717bff0 5 bytes JMP 0000000174c6dda0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamW 000000007717ce40 5 bytes JMP 0000000174c73f50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!DialogBoxParamW 000000007717d410 5 bytes JMP 0000000174c74090 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetClipboardData 000000007717e874 5 bytes JMP 0000000174c766c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetPropA 000000007717f4cc 5 bytes JMP 0000000174c785a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771828e4 5 bytes JMP 0000000174c77d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!WaitForInputIdle 0000000077183fa0 5 bytes JMP 0000000174c6de30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW 0000000077184efc 5 bytes JMP 0000000174c73ec0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamW 0000000077184f70 5 bytes JMP 0000000174c73f90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!CloseClipboard 0000000077185a50 5 bytes JMP 0000000174c75f00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!OpenClipboard 0000000077185a70 5 bytes JMP 0000000174c75eb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW 0000000077187468 5 bytes JMP 0000000174c73e20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!CreateDialogParamW 000000007718751c 5 bytes JMP 0000000174c73fd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!FindWindowA 0000000077188270 5 bytes JMP 0000000174c74ab0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077188be0 5 bytes JMP 0000000174c77c60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077188c20 5 bytes JMP 0000000174c75770 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SendInput 0000000077188cd0 5 bytes JMP 0000000174c75d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!FindWindowExW 0000000077188d20 5 bytes JMP 0000000174c74bb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!BlockInput 000000007718ad60 5 bytes JMP 0000000174c75d70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!ClipCursor 000000007718adb0 5 bytes JMP 0000000174c75a00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!UserHandleGrantAccess 000000007718b400 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!EnumDesktopsA 000000007719ffa0 5 bytes JMP 0000000174c74580 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!CreateWindowStationA 00000000771a14c4 5 bytes JMP 0000000174c745d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!OpenDesktopA 00000000771a1724 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetCursorPos 00000000771a1f58 5 bytes JMP 0000000174c75be0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetDoubleClickTime 00000000771a1f70 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SwapMouseButton 00000000771a1fa4 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamA 00000000771a2be4 5 bytes JMP 0000000174c73fb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamA 00000000771a2c0c 5 bytes JMP 0000000174c73f70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!DialogBoxParamA 00000000771a2c34 5 bytes JMP 0000000174c740f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!CreateDialogParamA 00000000771a2cf8 5 bytes JMP 0000000174c74030 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000771b14e0 5 bytes JMP 0000000174c6db00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!EndTask 00000000771b1604 5 bytes JMP 0000000174c6dca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!DdeInitializeA 00000000771b24a8 5 bytes JMP 0000000174c72f80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!MessageBoxW 00000000771d1314 5 bytes JMP 0000000174c6dbb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!MessageBoxExW 00000000771d1394 5 bytes JMP 0000000174c6dc20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetClassNameA 00000000771db394 5 bytes JMP 0000000174c719b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetClassLongPtrA 00000000771dcb6c 5 bytes JMP 0000000174c78d00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetClassLongA 00000000771dcbac 5 bytes JMP 0000000174c78b80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!GetWindowTextA 00000000771dccd0 5 bytes JMP 0000000174c79c00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!RegisterClassExA 00000000771dd670 5 bytes JMP 0000000174c711e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!FindWindowExA 00000000771ddae0 5 bytes JMP 0000000174c74cd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!RemovePropA 00000000771dde90 5 bytes JMP 0000000174c787b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\USER32.dll!SetPropA 00000000771ddf94 5 bytes JMP 0000000174c786e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExW 000007fefea28724 6 bytes {JMP QWORD [RIP-0x2190854a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\GDI32.dll!GdiAddFontResourceW 000007fefea2a074 6 bytes {JMP QWORD [RIP-0x21909ec2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\GDI32.dll!GdiDllInitialize 000007fefea2ae78 6 bytes {JMP QWORD [RIP-0x2190acce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\GDI32.dll!RemoveFontResourceExW 000007fefea34784 6 bytes {JMP QWORD [RIP-0x219145ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\GDI32.dll!GetFontResourceInfoW + 1 000007fefea34845 5 bytes {JMP QWORD [RIP-0x21914682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExA 000007fefea491f0 6 bytes {JMP QWORD [RIP-0x2192901e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\GDI32.dll!CreateScalableFontResourceW + 1 000007fefea49f4d 5 bytes {JMP QWORD [RIP-0x21929d82]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateSessionsW 000007fefaed1430 6 bytes {JMP QWORD [RIP-0x1ddb1246]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\WTSAPI32.dll!WTSQueryUserToken 000007fefaed18f0 6 bytes {JMP QWORD [RIP-0x1ddb170e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotification 000007fefaed1d00 6 bytes {JMP QWORD [RIP-0x1ddb1b06]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotification + 1 000007fefaed1e31 5 bytes {JMP QWORD [RIP-0x1ddb1c26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotificationEx 000007fefaed5030 6 bytes {JMP QWORD [RIP-0x1ddb4e2e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotificationEx 000007fefaed50b4 6 bytes {JMP QWORD [RIP-0x1ddb4ea2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateProcessesW 000007fefaed54b0 6 bytes {JMP QWORD [RIP-0x1ddb52be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\IMM32.DLL!ImmAssociateContext 000007fefeab1750 6 bytes {JMP QWORD [RIP-0x21991536]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1660] C:\Windows\system32\IMM32.DLL!ImmAssociateContextEx 000007fefeab8240 6 bytes {JMP QWORD [RIP-0x2199801e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772822f0 5 bytes JMP 0000000174c883b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077286290 5 bytes JMP 0000000174c882f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk 000000007728a430 5 bytes JMP 0000000100030880 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077295140 5 bytes JMP 0000000174c8d350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentDirectory_U 00000000772a5d20 5 bytes JMP 0000000174c66cc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentDirectory_U 00000000772a6050 5 bytes JMP 0000000174c66f30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!LdrQueryImageFileExecutionOptions 00000000772a66e0 5 bytes JMP 0000000174c88470 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter 00000000772abe60 6 bytes [51, 48, B8, 00, 12, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter + 8 00000000772abe68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForSingleObject + 8 00000000772abe78 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 00000000772abe90 6 bytes JMP 0000000174c5d910 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 00000000772abe98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba1e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 8 00000000772abea8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b1b88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000772abeb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletion + 8 00000000772abec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseSemaphore + 8 00000000772abed8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 8 00000000772abee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort + 8 00000000772abef8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772abf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent 00000000772abf10 6 bytes [51, 48, B8, B0, 12, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent + 8 00000000772abf18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf418} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dea08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 8 00000000772abf38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bee18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationFile + 8 00000000772abf48 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db028} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000772abf58 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey + 8 00000000772abf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFindAtom + 8 00000000772abf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultLocale + 8 00000000772abf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryKey + 8 00000000772abf98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey + 8 00000000772abfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 8 00000000772abfb8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1fc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess + 8 00000000772abfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects32 + 8 00000000772abfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather + 8 00000000772abfe8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1f78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000772abff8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9ee8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000772ac008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 8 00000000772ac018 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf6f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 8 00000000772ac028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseMutant + 8 00000000772ac038 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec0c8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 00000000772ac048 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfcd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 8 00000000772ac058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9deb38} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory + 8 00000000772ac068 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772ac078 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000772ac080 6 bytes [51, 48, B8, 20, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 8 00000000772ac088 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772ac098 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772ac0a0 7 bytes [48, B8, C4, BF, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772ac0a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772ac0b0 7 bytes [48, B8, D0, BD, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000772ac0b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm 00000000772ac0c0 6 bytes [51, 48, B8, 60, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm + 8 00000000772ac0c8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772ac0d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772ac0e0 6 bytes [51, 48, B8, 80, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 8 00000000772ac0e8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority 00000000772ac100 6 bytes [51, 48, B8, A0, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority + 8 00000000772ac108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter + 8 00000000772ac118 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772ac128 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000772ac130 7 bytes [48, B8, 00, BF, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772ac138 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter 00000000772ac140 6 bytes [51, 48, B8, E0, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter + 8 00000000772ac148 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da228} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey + 8 00000000772ac158 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772ac168 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution 00000000772ac170 6 bytes [51, 48, B8, 10, 15, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution + 8 00000000772ac178 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba0d8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8 00000000772ac188 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformation + 8 00000000772ac198 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d25b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000772ac1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimer + 8 00000000772ac1b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bc838} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 8 00000000772ac1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000772ac1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCloseObjectAuditAlarm + 8 00000000772ac1e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000772ac1f8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772ac208 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent 00000000772ac210 6 bytes [51, 48, B8, B0, 15, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent + 8 00000000772ac218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 8 00000000772ac228 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1b08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000772ac238 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ebfb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 00000000772ac248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateToken + 8 00000000772ac258 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage 00000000772ac270 6 bytes [51, 48, B8, 10, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage + 8 00000000772ac278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000772ac288 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom 00000000772ac2a0 6 bytes [51, 48, B8, 40, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom + 8 00000000772ac2a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d18b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000772ac2b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bcbc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVolumeInformationFile + 8 00000000772ac2c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d2238} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000772ac2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile + 8 00000000772ac2e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtApphelpCacheControl + 8 00000000772ac2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000772ac308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000772ac318 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtIsProcessInJob + 8 00000000772ac328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 00000000772ac338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySection + 8 00000000772ac348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8 00000000772ac358 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData 00000000772ac370 6 bytes [51, 48, B8, 10, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData + 8 00000000772ac378 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent 00000000772ac390 6 bytes [51, 48, B8, 30, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent + 8 00000000772ac398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteRequestData + 8 00000000772ac3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000772ac3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + 8 00000000772ac3c8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects 00000000772ac3e0 6 bytes [51, 48, B8, 80, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects + 8 00000000772ac3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationObject + 8 00000000772ac3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFile + 8 00000000772ac408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2318} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtTraceEvent + 8 00000000772ac418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtPowerInformation + 8 00000000772ac428 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d88e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000772ac438 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCancelTimer + 8 00000000772ac448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimer + 8 00000000772ac458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAcceptConnectPort + 8 00000000772ac468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheck + 8 00000000772ac478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType + 8 00000000772ac488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultList + 8 00000000772ac498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm + 8 00000000772ac4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 8 00000000772ac4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 8 00000000772ac4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAddDriverEntry + 8 00000000772ac4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustGroupsToken + 8 00000000772ac4e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlertResumeThread + 8 00000000772ac4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlertThread + 8 00000000772ac508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateLocallyUniqueId + 8 00000000772ac518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateReserveObject + 8 00000000772ac528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUserPhysicalPages + 8 00000000772ac538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUuids + 8 00000000772ac548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCancelMessage + 8 00000000772ac568 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0de8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0c68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePortSection + 8 00000000772ac598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateResourceReserve + 8 00000000772ac5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSectionView + 8 00000000772ac5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSecurityContext + 8 00000000772ac5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeletePortSection + 8 00000000772ac5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteResourceReserve + 8 00000000772ac5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSectionView + 8 00000000772ac5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSecurityContext + 8 00000000772ac608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDisconnectPort + 8 00000000772ac618 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf118} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort + 8 00000000772ac628 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderProcess + 8 00000000772ac638 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderThread + 8 00000000772ac648 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformation + 8 00000000772ac658 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformationMessage + 8 00000000772ac668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcRevokeSecurityContext + 8 00000000772ac678 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf878} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSetInformation + 8 00000000772ac698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAreMappedFilesTheSame + 8 00000000772ac6a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 8 00000000772ac6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFileEx + 8 00000000772ac6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCancelSynchronousIoFile + 8 00000000772ac6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCommitComplete + 8 00000000772ac6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCommitEnlistment + 8 00000000772ac6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCommitTransaction + 8 00000000772ac708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCompactKeys + 8 00000000772ac718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCompareTokens + 8 00000000772ac728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCompleteConnectPort + 8 00000000772ac738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCompressKey + 8 00000000772ac748 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0538} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDebugObject + 8 00000000772ac768 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDirectoryObject + 8 00000000772ac778 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEnlistment + 8 00000000772ac788 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 8 00000000772ac798 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000772ac7a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2078} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobObject + 8 00000000772ac7b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobSet + 8 00000000772ac7c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyTransacted + 8 00000000772ac7d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000772ac7e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9388} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMailslotFile + 8 00000000772ac7f8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d16a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000772ac808 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9528} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000772ac818 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePagingFile + 8 00000000772ac828 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000772ac832 4 bytes {JMP 0xfffffffffd9d0290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 8 00000000772ac838 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePrivateNamespace + 8 00000000772ac848 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000772ac858 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfile + 8 00000000772ac868 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfileEx + 8 00000000772ac878 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateResourceManager + 8 00000000772ac888 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1938} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000772ac898 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 8 00000000772ac8a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000772ac8b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000772ac8c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateToken + 8 00000000772ac8d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransaction + 8 00000000772ac8e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransactionManager + 8 00000000772ac8f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 8 00000000772ac908 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort + 8 00000000772ac918 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWorkerFactory + 8 00000000772ac928 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 8 00000000772ac938 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugContinue + 8 00000000772ac948 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteAtom + 8 00000000772ac958 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 8 00000000772ac968 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteDriverEntry + 8 00000000772ac978 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bef58} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000772ac988 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daa68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 00000000772ac998 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteObjectAuditAlarm + 8 00000000772ac9a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDeletePrivateNamespace + 8 00000000772ac9b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 00000000772ac9c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDisableLastKnownGood + 8 00000000772ac9d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDisplayString + 8 00000000772ac9e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDrawText + 8 00000000772ac9f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtEnableLastKnownGood + 8 00000000772aca08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateBootEntries + 8 00000000772aca18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateDriverEntries + 8 00000000772aca28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + 8 00000000772aca38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateTransactionObject + 8 00000000772aca48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtExtendSection + 8 00000000772aca58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFilterToken + 8 00000000772aca68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstallUILanguage + 8 00000000772aca78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstructionCache + 8 00000000772aca88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFlushKey + 8 00000000772aca98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFlushProcessWriteBuffers + 8 00000000772acaa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFlushVirtualMemory + 8 00000000772acab8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFlushWriteBuffer + 8 00000000772acac8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFreeUserPhysicalPages + 8 00000000772acad8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeRegistry + 8 00000000772acae8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeTransactions + 8 00000000772acaf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 8 00000000772acb08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtGetCurrentProcessorNumber + 8 00000000772acb18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtGetDevicePowerState + 8 00000000772acb28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtGetMUIRegistryInfo + 8 00000000772acb38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 8 00000000772acb48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 8 00000000772acb58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtGetNlsSectionPtr + 8 00000000772acb68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtGetNotificationResourceManager + 8 00000000772acb78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtGetPlugPlayEvent + 8 00000000772acb88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtGetWriteWatch + 8 00000000772acb98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateAnonymousToken + 8 00000000772acba8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebf8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateThread + 8 00000000772acbb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeNlsFiles + 8 00000000772acbc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeRegistry + 8 00000000772acbd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtInitiatePowerAction + 8 00000000772acbe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtIsSystemResumeAutomatic + 8 00000000772acbf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtIsUILanguageComitted + 8 00000000772acc08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtListenPort + 8 00000000772acc18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dbc78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000772acc28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d76a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey + 8 00000000772acc38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey2 + 8 00000000772acc48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKeyEx + 8 00000000772acc58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtLockFile + 8 00000000772acc68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtLockProductActivationKeys + 8 00000000772acc78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtLockRegistryKey + 8 00000000772acc88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtLockVirtualMemory + 8 00000000772acc98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtMakePermanentObject + 8 00000000772acca8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject + 8 00000000772accb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtMapCMFModule + 8 00000000772accc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPages + 8 00000000772accd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 8 00000000772acce8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyDriverEntry + 8 00000000772accf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeDirectoryFile + 8 00000000772acd08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d81b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 8 00000000772acd18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 8 00000000772acd28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeSession + 8 00000000772acd38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEnlistment + 8 00000000772acd48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair + 8 00000000772acd58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000772acd68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenJobObject + 8 00000000772acd78 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9138} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000772acd88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransacted + 8 00000000772acd98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransactedEx + 8 00000000772acda8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000772acdb8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 2 00000000772acdc2 4 bytes {JMP 0xfffffffffd9d1290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000772acdc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenObjectAuditAlarm + 8 00000000772acdd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenPrivateNamespace + 8 00000000772acde8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772acdf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager 00000000772ace00 6 bytes [51, 48, B8, A0, 21, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager + 8 00000000772ace08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1588} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000772ace18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSession + 8 00000000772ace28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000772ace38 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772ace48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ace50 6 bytes [51, 48, B8, F0, 21, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000772ace58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransaction + 8 00000000772ace68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransactionManager + 8 00000000772ace78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtPlugPlayControl + 8 00000000772ace88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareComplete + 8 00000000772ace98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareEnlistment + 8 00000000772acea8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareComplete + 8 00000000772aceb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareEnlistment + 8 00000000772acec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeCheck + 8 00000000772aced8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeObjectAuditAlarm + 8 00000000772acee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegedServiceAuditAlarm + 8 00000000772acef8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationComplete + 8 00000000772acf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationFailed + 8 00000000772acf18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtPulseEvent + 8 00000000772acf28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootEntryOrder + 8 00000000772acf38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootOptions + 8 00000000772acf48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDebugFilterState + 8 00000000772acf58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryObject + 8 00000000772acf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDriverEntryOrder + 8 00000000772acf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEaFile + 8 00000000772acf88 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772acf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom 00000000772acfa0 6 bytes [51, 48, B8, 40, 23, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom + 8 00000000772acfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationEnlistment + 8 00000000772acfb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationJobObject + 8 00000000772acfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationPort + 8 00000000772acfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationResourceManager + 8 00000000772acfe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransaction + 8 00000000772acff8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransactionManager + 8 00000000772ad008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationWorkerFactory + 8 00000000772ad018 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInstallUILanguage + 8 00000000772ad028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIntervalProfile + 8 00000000772ad038 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIoCompletion + 8 00000000772ad048 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue + 8 00000000772ad058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9c88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 8 00000000772ad068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMutant + 8 00000000772ad078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeys + 8 00000000772ad088 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeysEx + 8 00000000772ad098 12 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 5 00000000772ad0a5 1 byte [03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 8 00000000772ad0a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryQuotaInformationFile + 8 00000000772ad0b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityAttributesToken + 8 00000000772ad0c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eae18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityObject + 8 00000000772ad0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySemaphore + 8 00000000772ad0e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySymbolicLinkObject + 8 00000000772ad0f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValue + 8 00000000772ad108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValueEx + 8 00000000772ad118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformationEx + 8 00000000772ad128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimerResolution + 8 00000000772ad138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 8 00000000772ad148 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000772ad160 6 bytes [51, 48, B8, 00, 25, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000772ad168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReadOnlyEnlistment + 8 00000000772ad178 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverEnlistment + 8 00000000772ad188 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverResourceManager + 8 00000000772ad198 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverTransactionManager + 8 00000000772ad1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterProtocolAddressInformation + 8 00000000772ad1b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterThreadTerminatePort + 8 00000000772ad1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseKeyedEvent + 8 00000000772ad1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseWorkerFactoryWorker + 8 00000000772ad1e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletionEx + 8 00000000772ad1f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveProcessDebug + 8 00000000772ad208 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey + 8 00000000772ad218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRenameTransactionManager + 8 00000000772ad228 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReplaceKey + 8 00000000772ad238 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReplacePartitionUnit + 8 00000000772ad248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReplyPort + 8 00000000772ad258 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRequestPort + 8 00000000772ad268 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtResetEvent + 8 00000000772ad278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtResetWriteWatch + 8 00000000772ad288 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRestoreKey + 8 00000000772ad298 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess + 8 00000000772ad2a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackComplete + 8 00000000772ad2b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackEnlistment + 8 00000000772ad2c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackTransaction + 8 00000000772ad2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtRollforwardTransactionManager + 8 00000000772ad2e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f0068} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKey + 8 00000000772ad2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKeyEx + 8 00000000772ad308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSaveMergedKeys + 8 00000000772ad318 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSerializeBoot + 8 00000000772ad338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 8 00000000772ad348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 8 00000000772ad358 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000772ad368 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetDebugFilterState + 8 00000000772ad378 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultHardErrorPort + 8 00000000772ad388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultLocale + 8 00000000772ad398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultUILanguage + 8 00000000772ad3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetDriverEntryOrder + 8 00000000772ad3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetEaFile + 8 00000000772ad3c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighEventPair + 8 00000000772ad3d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighWaitLowEventPair + 8 00000000772ad3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationDebugObject + 8 00000000772ad3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationEnlistment + 8 00000000772ad408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1728} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationJobObject + 8 00000000772ad418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationKey + 8 00000000772ad428 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationResourceManager + 8 00000000772ad438 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ead88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationToken + 8 00000000772ad448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransaction + 8 00000000772ad458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransactionManager + 8 00000000772ad468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationWorkerFactory + 8 00000000772ad478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetIntervalProfile + 8 00000000772ad488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletion + 8 00000000772ad498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletionEx + 8 00000000772ad4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetLdtEntries + 8 00000000772ad4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowEventPair + 8 00000000772ad4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowWaitHighEventPair + 8 00000000772ad4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetQuotaInformationFile + 8 00000000772ad4e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eab18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 8 00000000772ad4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValue + 8 00000000772ad508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValueEx + 8 00000000772ad518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000772ad528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 8 00000000772ad538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime + 8 00000000772ad548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetThreadExecutionState + 8 00000000772ad558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerEx + 8 00000000772ad568 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerResolution + 8 00000000772ad578 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetUuidSeed + 8 00000000772ad588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetVolumeInformationFile + 8 00000000772ad598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem + 8 00000000772ad5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownWorkerFactory + 8 00000000772ad5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSignalAndWaitForSingleObject + 8 00000000772ad5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSinglePhaseReject + 8 00000000772ad5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtStartProfile + 8 00000000772ad5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtStopProfile + 8 00000000772ad5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000772ad608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000772ad618 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000772ad628 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert 00000000772ad640 6 bytes [51, 48, B8, E0, 29, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert + 8 00000000772ad648 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtThawRegistry + 8 00000000772ad658 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtThawTransactions + 8 00000000772ad668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtTraceControl + 8 00000000772ad678 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtTranslateFilePath + 8 00000000772ad688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtUmsThreadYield + 8 00000000772ad698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadDriver + 8 00000000772ad6a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey + 8 00000000772ad6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey2 + 8 00000000772ad6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKeyEx + 8 00000000772ad6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockFile + 8 00000000772ad6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockVirtualMemory + 8 00000000772ad6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000772ad708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForDebugEvent + 8 00000000772ad718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForKeyedEvent + 8 00000000772ad728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForWorkViaWorkerFactory + 8 00000000772ad738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWaitHighEventPair + 8 00000000772ad748 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 8 00000000772ad758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWorkerFactoryWorkerReady + 8 00000000772ad768 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlGetFullPathName_UEx 00000000772b0cd0 5 bytes JMP 0000000174c671d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\kernel32.dll!CreateActCtxW 000000007705a180 5 bytes JMP 0000000174c9da80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007705dae0 5 bytes JMP 0000000174c8e480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\kernel32.dll!SetLocaleInfoA 00000000770af430 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\kernel32.dll!AllocConsole 00000000770c5c60 5 bytes JMP 0000000174c72120 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000770cf690 5 bytes JMP 0000000174c5e7e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\kernel32.dll!ReplaceFile 00000000770d4390 5 bytes JMP 0000000174c6b4e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\kernel32.dll!WinExec 00000000770db4b0 5 bytes JMP 0000000174c8d4e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\KERNELBASE.dll!GetVolumeInformationW 000007fefd184f30 6 bytes {JMP QWORD [RIP-0x20064f26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\KERNELBASE.dll!GetFinalPathNameByHandleW 000007fefd189100 6 bytes {JMP QWORD [RIP-0x200690fe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd1b0250 6 bytes {JMP QWORD [RIP-0x20090256]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesW 000007fefeae1460 6 bytes {JMP QWORD [RIP-0x219c13ae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CloseEventLog + 1 000007fefeae9271 5 bytes {JMP QWORD [RIP-0x219c9236]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!QueryServiceStatusEx 000007fefeae9474 6 bytes {JMP QWORD [RIP-0x219c9432]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryW 000007fefeaeab20 6 bytes {JMP QWORD [RIP-0x219ca9ae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!SetSecurityInfo 000007fefeaeb210 6 bytes {JMP QWORD [RIP-0x219cb08e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!GetSecurityInfo 000007fefeaedad0 6 bytes {JMP QWORD [RIP-0x219cd946]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExW 000007fefeaeeb20 6 bytes {JMP QWORD [RIP-0x219ceaae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!ReportEventW 000007fefeaf0050 6 bytes {JMP QWORD [RIP-0x219d001e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!LookupAccountNameW 000007fefeaf0b24 6 bytes {JMP QWORD [RIP-0x219d09c2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceW + 1 000007fefeaf6031 5 bytes {JMP QWORD [RIP-0x219d6016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!DeregisterEventSource 000007fefeafa5a0 6 bytes {JMP QWORD [RIP-0x219da57e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb05548 6 bytes {JMP QWORD [RIP-0x219e546e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameW 000007fefeb056a0 6 bytes {JMP QWORD [RIP-0x219e560e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameW 000007fefeb05770 6 bytes {JMP QWORD [RIP-0x219e56ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceA + 1 000007fefeb07461 5 bytes {JMP QWORD [RIP-0x219e744e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!QueryServiceObjectSecurity 000007fefeb1b2dc 6 bytes {JMP QWORD [RIP-0x219fb222]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2W 000007fefeb1b310 6 bytes {JMP QWORD [RIP-0x219fb2be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2A 000007fefeb1b330 6 bytes {JMP QWORD [RIP-0x219fb2e6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeb1b77c 6 bytes {JMP QWORD [RIP-0x219fb6aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CreateRestrictedToken 000007fefeb1b7fc 6 bytes {JMP QWORD [RIP-0x219fb682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefeb1b8f0 6 bytes {JMP QWORD [RIP-0x219fb806]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefeb1b95c 6 bytes {JMP QWORD [RIP-0x219fb87a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CredRenameA 000007fefeb22d50 6 bytes {JMP QWORD [RIP-0x21a02c16]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!GetEffectiveRightsFromAclW 000007fefeb25b00 6 bytes {JMP QWORD [RIP-0x21a0596e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesA 000007fefeb2d170 6 bytes {JMP QWORD [RIP-0x21a0d0c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExA 000007fefeb2d2e0 6 bytes {JMP QWORD [RIP-0x21a0d276]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusA 000007fefeb2d4e0 6 bytes {JMP QWORD [RIP-0x21a0d486]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusW 000007fefeb2d8e0 6 bytes {JMP QWORD [RIP-0x21a0d87e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!UnlockServiceDatabase 000007fefeb2d930 6 bytes {JMP QWORD [RIP-0x21a0d866]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusW 000007fefeb2d9a0 6 bytes {JMP QWORD [RIP-0x21a0d91e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusA 000007fefeb2dab0 6 bytes {JMP QWORD [RIP-0x21a0da36]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!LockServiceDatabase 000007fefeb2dbc0 6 bytes {JMP QWORD [RIP-0x21a0dafe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameA 000007fefeb2dc40 6 bytes {JMP QWORD [RIP-0x21a0dbb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameA 000007fefeb2dcd0 6 bytes {JMP QWORD [RIP-0x21a0dc36]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CredDeleteW 000007fefeb40910 6 bytes {JMP QWORD [RIP-0x21a207c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CredDeleteA 000007fefeb409d0 6 bytes {JMP QWORD [RIP-0x21a2088e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!ReportEventA 000007fefeb41cc0 6 bytes {JMP QWORD [RIP-0x21a21c96]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryA 000007fefeb4c860 6 bytes {JMP QWORD [RIP-0x21a2c6f6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsW 000007fefeb4d820 6 bytes {JMP QWORD [RIP-0x21a2d6ee]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsA 000007fefeb4d950 6 bytes {JMP QWORD [RIP-0x21a2d826]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsW 000007fefeb4da80 6 bytes {JMP QWORD [RIP-0x21a2d95e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsA 000007fefeb4db60 6 bytes {JMP QWORD [RIP-0x21a2da46]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CredEnumerateW 000007fefeb4dc60 6 bytes {JMP QWORD [RIP-0x21a2db06]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CredEnumerateA 000007fefeb4dd90 6 bytes {JMP QWORD [RIP-0x21a2dc3e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CredReadW 000007fefeb4dec0 6 bytes {JMP QWORD [RIP-0x21a2ddae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CredReadA 000007fefeb4dfd0 6 bytes {JMP QWORD [RIP-0x21a2dec6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CredWriteW 000007fefeb4e0e0 6 bytes {JMP QWORD [RIP-0x21a2dfde]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CredWriteA 000007fefeb4e190 6 bytes {JMP QWORD [RIP-0x21a2e096]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithTokenW 000007fefeb50c80 6 bytes {JMP QWORD [RIP-0x21a30b8e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefebc642c 5 bytes JMP 000007fffeb055e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebc6484 5 bytes JMP 000007fffeaee870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefebc6518 5 bytes JMP 000007fffeafae24 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerW 000007fefebc659c 5 bytes JMP 000007fffeaee858 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatus 000007fefebc6730 5 bytes JMP 000007fffeaf61ac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatusEx 000007fefebc6784 5 bytes JMP 000007fffeae9474 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!StartServiceW 000007fefebc6824 5 bytes JMP 000007fffeae9460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus 000007fefebc687c 5 bytes JMP 000007fffeae8e94 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerA 000007fefebc6aa4 5 bytes JMP 000007fffeafa380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebc6c34 5 bytes JMP 000007fffeafa36c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!StartServiceA 000007fefebc6d00 5 bytes JMP 000007fffeb1b240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!QueryServiceObjectSecurity 000007fefebc6d58 5 bytes JMP 000007fffeb1b2dc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefebc6e00 5 bytes JMP 000007fffeb1b24c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefebc6f2c 5 bytes JMP 000007fffeb1b95c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefebc7220 5 bytes JMP 000007fffeb1b8f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefebc739c 5 bytes JMP 000007fffeb1b9d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefebc7538 5 bytes JMP 000007fffeb1b9c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefebc75e8 5 bytes JMP 000007fffeb1b77c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefebc790c 5 bytes JMP 000007fffeb05548 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefebc7ab4 5 bytes JMP 000007fffeb055d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigA 000007fefebc7b04 5 bytes JMP 000007fffeb1b2fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigW 000007fefebc7c34 5 bytes JMP 000007fffeaeecac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2A 000007fefebc7d78 5 bytes JMP 000007fffeb1b330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2W 000007fefebc8244 5 bytes JMP 000007fffeb1b310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA 000007fefebc99e4 5 bytes JMP 000007fffeb1b234 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW 000007fefebc9ac8 5 bytes JMP 000007fffeae6e4c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW 000007fefebca51c 5 bytes JMP 000007fffeae2c1c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA 000007fefebca530 5 bytes JMP 000007fffeb1b2d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW 000007fefebca5b0 5 bytes JMP 000007fffeae8e60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA 000007fefebca5c4 5 bytes JMP 000007fffeb1b2c4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange 000007fefebcbb28 5 bytes JMP 000007fffeaeda10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA 000007fefebcbb3c 5 bytes JMP 000007fffeb07440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!CreateWindowStationW 00000000771614c0 5 bytes JMP 0000000174c745b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!DdeInitializeW 0000000077164b74 5 bytes JMP 0000000174c72f40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077165350 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!OpenInputDesktop 0000000077166f00 5 bytes JMP 0000000174c75e00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!RegisterDeviceNotificationA 0000000077166fe4 5 bytes JMP 0000000174c6dd50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!UnregisterDeviceNotification 00000000771673b8 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetClassInfoA 0000000077167490 5 bytes JMP 0000000174c717c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetClassInfoExA 00000000771674c8 5 bytes JMP 0000000174c71680 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!EnumDesktopWindows 0000000077167d9c 5 bytes JMP 0000000174c74560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!ActivateKeyboardLayout 00000000771683c0 5 bytes JMP 0000000174c6dad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetParent 0000000077168530 5 bytes JMP 0000000174c75990 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077169bcc 5 bytes JMP 0000000174c78b20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!UnregisterClassA 0000000077169e70 5 bytes JMP 0000000174c71560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!RegisterClassA 0000000077169f68 5 bytes JMP 0000000174c713e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007716a2e0 5 bytes JMP 0000000174c6d510 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!PostMessageA 000000007716a404 5 bytes JMP 0000000174c77de0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!MoveWindow 000000007716aad0 5 bytes JMP 0000000174c6db40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007716b500 5 bytes JMP 0000000174c78f10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!UpdateLayeredWindowIndirect + 368 000000007716b830 5 bytes JMP 0000000174c6da30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetCursor 000000007716c930 5 bytes JMP 0000000174c75b10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!ScreenToClient 000000007716ca58 5 bytes JMP 0000000174c6e9d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!EnumThreadWindows 000000007716ce5c 5 bytes JMP 0000000174c74500 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!IsWindowEnabled 000000007716d15c 5 bytes JMP 0000000174c6e820 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!AttachThreadInput 000000007716d240 5 bytes JMP 0000000174c6ecc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!FindWindowW 000000007716d264 5 bytes JMP 0000000174c749b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007716d2b0 5 bytes JMP 0000000174c779e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SendMessageA 000000007716d338 5 bytes JMP 0000000174c77aa0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007716d440 5 bytes JMP 0000000174c75440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!UnregisterClassW 000000007716d464 5 bytes JMP 0000000174c714e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetForegroundWindow 000000007716d540 5 bytes JMP 0000000174c75c50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetThreadDesktop 000000007716d6d0 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetWindowTextW 000000007716d7a4 5 bytes JMP 0000000174c79bd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!OpenDesktopW 000000007716d870 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!EnumDesktopsW 000000007716d964 5 bytes JMP 0000000174c74570 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007716dc40 5 bytes JMP 0000000174c77db0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007716f874 5 bytes JMP 0000000174c757f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetUserObjectInformationW 000000007716f9c0 5 bytes JMP 0000000174c75e30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007716fac0 5 bytes JMP 0000000174c77ca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000077170810 5 bytes JMP 0000000174c6d2c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!RegisterClassW 00000000771708c0 5 bytes JMP 0000000174c712e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077170b74 5 bytes JMP 0000000174c77a40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!RegisterClassExW 0000000077170e9c 5 bytes JMP 0000000174c710e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetClassInfoExW 0000000077171550 5 bytes JMP 0000000174c715e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetClassInfoW 00000000771716d0 5 bytes JMP 0000000174c71720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!ClientToScreen 00000000771732b8 5 bytes JMP 0000000174c6e940 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetWindowLongW 00000000771733b0 5 bytes JMP 0000000174c78ad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetWindowLongPtrA 00000000771737c0 5 bytes JMP 0000000174c78c40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetWindowPos 0000000077173c50 5 bytes JMP 0000000174c6e4a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetWindow 0000000077174bf4 5 bytes JMP 0000000174c75930 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!EnumChildWindows 0000000077174ce0 5 bytes JMP 0000000174c74490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetIconInfo 0000000077174eec 5 bytes JMP 0000000174c75b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetClassNameW 0000000077174f28 5 bytes JMP 0000000174c71860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetClassLongPtrW 00000000771752a4 5 bytes JMP 0000000174c78cf0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!IsWindowUnicode 0000000077175360 5 bytes JMP 0000000174c6e840 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetWindowLongA 0000000077175408 5 bytes JMP 0000000174c78a90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetShellWindow 00000000771754a0 5 bytes JMP 0000000174c74df0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!EnumWindows 0000000077175e28 5 bytes JMP 0000000174c74480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!MonitorFromWindow 0000000077175f08 5 bytes JMP 0000000174c75ce0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!DispatchMessageA 0000000077176274 5 bytes JMP 0000000174c77170 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetClassLongW 0000000077176458 5 bytes JMP 0000000174c78b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SendMessageW 0000000077176b50 5 bytes JMP 0000000174c77b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetClientRect 0000000077176bc8 5 bytes JMP 0000000174c6ea60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetWindowRect 0000000077176c0c 5 bytes JMP 0000000174c6eb30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!MapWindowPoints 0000000077176cd4 5 bytes JMP 0000000174c6e870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetPropW 0000000077176f50 5 bytes JMP 0000000174c78670 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!RemovePropW 0000000077176fd0 5 bytes JMP 0000000174c78750 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771776c0 5 bytes JMP 0000000174c78e40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!PostMessageW 00000000771776e4 5 bytes JMP 0000000174c77e80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!IsWindow 0000000077177928 5 bytes JMP 0000000174c6e810 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetScrollInfo + 380 0000000077177ec0 5 bytes JMP 0000000174c74310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetWindowLongW 0000000077177f20 5 bytes JMP 0000000174c78a50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetPropW 0000000077178878 5 bytes JMP 0000000174c784d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetParent 00000000771789e4 5 bytes JMP 0000000174c75950 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetWindowInfo 0000000077178b08 5 bytes JMP 0000000174c6ec00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!IsIconic 0000000077178c5c 5 bytes JMP 0000000174c6e850 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!IsZoomed 0000000077178c8c 5 bytes JMP 0000000174c6e860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!IsWindowVisible 0000000077178d24 5 bytes JMP 0000000174c6e830 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetWindowLongPtrW 00000000771796c0 5 bytes JMP 0000000174c78b90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!DispatchMessageW 000000007717991c 5 bytes JMP 0000000174c771a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!AnimateWindow 000000007717bff0 5 bytes JMP 0000000174c6dda0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamW 000000007717ce40 5 bytes JMP 0000000174c73f50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!DialogBoxParamW 000000007717d410 5 bytes JMP 0000000174c74090 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetClipboardData 000000007717e874 5 bytes JMP 0000000174c766c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetPropA 000000007717f4cc 5 bytes JMP 0000000174c785a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771828e4 5 bytes JMP 0000000174c77d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!WaitForInputIdle 0000000077183fa0 5 bytes JMP 0000000174c6de30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW 0000000077184efc 5 bytes JMP 0000000174c73ec0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamW 0000000077184f70 5 bytes JMP 0000000174c73f90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!CloseClipboard 0000000077185a50 5 bytes JMP 0000000174c75f00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!OpenClipboard 0000000077185a70 5 bytes JMP 0000000174c75eb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW 0000000077187468 5 bytes JMP 0000000174c73e20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!CreateDialogParamW 000000007718751c 5 bytes JMP 0000000174c73fd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!FindWindowA 0000000077188270 5 bytes JMP 0000000174c74ab0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077188be0 5 bytes JMP 0000000174c77c60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077188c20 5 bytes JMP 0000000174c75770 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SendInput 0000000077188cd0 5 bytes JMP 0000000174c75d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!FindWindowExW 0000000077188d20 5 bytes JMP 0000000174c74bb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!BlockInput 000000007718ad60 5 bytes JMP 0000000174c75d70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!ClipCursor 000000007718adb0 5 bytes JMP 0000000174c75a00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!UserHandleGrantAccess 000000007718b400 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!EnumDesktopsA 000000007719ffa0 5 bytes JMP 0000000174c74580 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!CreateWindowStationA 00000000771a14c4 5 bytes JMP 0000000174c745d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!OpenDesktopA 00000000771a1724 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetCursorPos 00000000771a1f58 5 bytes JMP 0000000174c75be0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetDoubleClickTime 00000000771a1f70 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SwapMouseButton 00000000771a1fa4 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamA 00000000771a2be4 5 bytes JMP 0000000174c73fb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamA 00000000771a2c0c 5 bytes JMP 0000000174c73f70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!DialogBoxParamA 00000000771a2c34 5 bytes JMP 0000000174c740f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!CreateDialogParamA 00000000771a2cf8 5 bytes JMP 0000000174c74030 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000771b14e0 5 bytes JMP 0000000174c6db00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!EndTask 00000000771b1604 5 bytes JMP 0000000174c6dca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!DdeInitializeA 00000000771b24a8 5 bytes JMP 0000000174c72f80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!MessageBoxW 00000000771d1314 5 bytes JMP 0000000174c6dbb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!MessageBoxExW 00000000771d1394 5 bytes JMP 0000000174c6dc20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetClassNameA 00000000771db394 5 bytes JMP 0000000174c719b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetClassLongPtrA 00000000771dcb6c 5 bytes JMP 0000000174c78d00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetClassLongA 00000000771dcbac 5 bytes JMP 0000000174c78b80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!GetWindowTextA 00000000771dccd0 5 bytes JMP 0000000174c79c00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!RegisterClassExA 00000000771dd670 5 bytes JMP 0000000174c711e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!FindWindowExA 00000000771ddae0 5 bytes JMP 0000000174c74cd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!RemovePropA 00000000771dde90 5 bytes JMP 0000000174c787b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\USER32.dll!SetPropA 00000000771ddf94 5 bytes JMP 0000000174c786e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExW 000007fefea28724 6 bytes {JMP QWORD [RIP-0x21908542]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\GDI32.dll!GdiAddFontResourceW 000007fefea2a074 6 bytes {JMP QWORD [RIP-0x21909eba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\GDI32.dll!GdiDllInitialize 000007fefea2ae78 6 bytes {JMP QWORD [RIP-0x2190acc6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\GDI32.dll!RemoveFontResourceExW 000007fefea34784 6 bytes {JMP QWORD [RIP-0x219145c2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\GDI32.dll!GetFontResourceInfoW + 1 000007fefea34845 5 bytes {JMP QWORD [RIP-0x2191467a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExA 000007fefea491f0 6 bytes {JMP QWORD [RIP-0x21929016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\GDI32.dll!CreateScalableFontResourceW + 1 000007fefea49f4d 5 bytes {JMP QWORD [RIP-0x21929d7a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateSessionsW 000007fefaed1430 6 bytes {JMP QWORD [RIP-0x1ddb123e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\WTSAPI32.dll!WTSQueryUserToken 000007fefaed18f0 6 bytes {JMP QWORD [RIP-0x1ddb1706]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotification 000007fefaed1d00 6 bytes {JMP QWORD [RIP-0x1ddb1afe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotification + 1 000007fefaed1e31 5 bytes {JMP QWORD [RIP-0x1ddb1c1e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotificationEx 000007fefaed5030 6 bytes {JMP QWORD [RIP-0x1ddb4e26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotificationEx 000007fefaed50b4 6 bytes {JMP QWORD [RIP-0x1ddb4e9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateProcessesW 000007fefaed54b0 6 bytes {JMP QWORD [RIP-0x1ddb52b6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\IMM32.DLL!ImmAssociateContext 000007fefeab1750 6 bytes {JMP QWORD [RIP-0x2199152e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\IMM32.DLL!ImmAssociateContextEx 000007fefeab8240 6 bytes {JMP QWORD [RIP-0x21998016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\WINNSI.DLL!NsiRpcRegisterChangeNotification 000007fefad21910 6 bytes {JMP QWORD [RIP-0x1dc0162e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd8845c1 5 bytes {JMP QWORD [RIP-0x207642ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\WS2_32.dll!WSANSPIoctl 000007fefd8a44c0 6 bytes {JMP QWORD [RIP-0x207841d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd8ae0f0 6 bytes {JMP QWORD [RIP-0x2078ddf6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\CRYPT32.dll!CertGetCertificateChain 000007fefd260ba0 6 bytes {JMP QWORD [RIP-0x2014088e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\CRYPT32.dll!CryptUnprotectData + 1 000007fefd2791b9 5 bytes {JMP QWORD [RIP-0x20158eae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\CRYPT32.dll!CryptProtectData 000007fefd2796d4 6 bytes {JMP QWORD [RIP-0x201593d2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\SSPICLI.DLL!LsaRegisterLogonProcess + 1 000007fefcdc9211 5 bytes {JMP QWORD [RIP-0x1fca8ef6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\SETUPAPI.dll!VerifyCatalogFile + 1 000007fefef36799 5 bytes {JMP QWORD [RIP-0x21e16476]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\CFGMGR32.dll!CM_Add_Driver_PackageW 000007fefd0275f8 6 bytes {JMP QWORD [RIP-0x1ff072ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\system32\CFGMGR32.dll!CM_Add_Driver_Package_ExW 000007fefd027650 6 bytes {JMP QWORD [RIP-0x1ff0731e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772822f0 5 bytes JMP 0000000174c883b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077286290 5 bytes JMP 0000000174c882f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk 000000007728a430 5 bytes JMP 0000000100030880 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077295140 5 bytes JMP 0000000174c8d350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentDirectory_U 00000000772a5d20 5 bytes JMP 0000000174c66cc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentDirectory_U 00000000772a6050 5 bytes JMP 0000000174c66f30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!LdrQueryImageFileExecutionOptions 00000000772a66e0 5 bytes JMP 0000000174c88470 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter 00000000772abe60 6 bytes [51, 48, B8, 00, 12, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter + 8 00000000772abe68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForSingleObject + 8 00000000772abe78 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 00000000772abe90 6 bytes JMP 0000000174c5d910 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 00000000772abe98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba1e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 8 00000000772abea8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b1b88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000772abeb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletion + 8 00000000772abec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseSemaphore + 8 00000000772abed8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 8 00000000772abee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort + 8 00000000772abef8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772abf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent 00000000772abf10 6 bytes [51, 48, B8, B0, 12, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent + 8 00000000772abf18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf418} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dea08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 8 00000000772abf38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bee18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationFile + 8 00000000772abf48 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db028} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000772abf58 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey + 8 00000000772abf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtFindAtom + 8 00000000772abf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultLocale + 8 00000000772abf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryKey + 8 00000000772abf98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey + 8 00000000772abfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 8 00000000772abfb8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1fc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess + 8 00000000772abfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects32 + 8 00000000772abfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather + 8 00000000772abfe8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1f78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000772abff8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9ee8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000772ac008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 8 00000000772ac018 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf6f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 8 00000000772ac028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseMutant + 8 00000000772ac038 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec0c8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 00000000772ac048 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfcd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 8 00000000772ac058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9deb38} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory + 8 00000000772ac068 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772ac078 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000772ac080 6 bytes [51, 48, B8, 20, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 8 00000000772ac088 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772ac098 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772ac0a0 7 bytes [48, B8, C4, BF, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772ac0a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772ac0b0 7 bytes [48, B8, D0, BD, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000772ac0b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm 00000000772ac0c0 6 bytes [51, 48, B8, 60, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm + 8 00000000772ac0c8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772ac0d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772ac0e0 6 bytes [51, 48, B8, 80, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 8 00000000772ac0e8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority 00000000772ac100 6 bytes [51, 48, B8, A0, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority + 8 00000000772ac108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter + 8 00000000772ac118 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772ac128 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000772ac130 7 bytes [48, B8, 00, BF, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772ac138 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter 00000000772ac140 6 bytes [51, 48, B8, E0, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter + 8 00000000772ac148 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da228} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey + 8 00000000772ac158 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772ac168 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution 00000000772ac170 6 bytes [51, 48, B8, 10, 15, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution + 8 00000000772ac178 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba0d8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8 00000000772ac188 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformation + 8 00000000772ac198 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d25b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000772ac1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimer + 8 00000000772ac1b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bc838} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 8 00000000772ac1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000772ac1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCloseObjectAuditAlarm + 8 00000000772ac1e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000772ac1f8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772ac208 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent 00000000772ac210 6 bytes [51, 48, B8, B0, 15, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent + 8 00000000772ac218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 8 00000000772ac228 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1b08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000772ac238 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ebfb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 00000000772ac248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateToken + 8 00000000772ac258 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage 00000000772ac270 6 bytes [51, 48, B8, 10, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage + 8 00000000772ac278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000772ac288 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom 00000000772ac2a0 6 bytes [51, 48, B8, 40, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom + 8 00000000772ac2a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d18b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000772ac2b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bcbc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVolumeInformationFile + 8 00000000772ac2c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d2238} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000772ac2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile + 8 00000000772ac2e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtApphelpCacheControl + 8 00000000772ac2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000772ac308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000772ac318 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtIsProcessInJob + 8 00000000772ac328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 00000000772ac338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySection + 8 00000000772ac348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8 00000000772ac358 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData 00000000772ac370 6 bytes [51, 48, B8, 10, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData + 8 00000000772ac378 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent 00000000772ac390 6 bytes [51, 48, B8, 30, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent + 8 00000000772ac398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteRequestData + 8 00000000772ac3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000772ac3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + 8 00000000772ac3c8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects 00000000772ac3e0 6 bytes [51, 48, B8, 80, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects + 8 00000000772ac3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationObject + 8 00000000772ac3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFile + 8 00000000772ac408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2318} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtTraceEvent + 8 00000000772ac418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtPowerInformation + 8 00000000772ac428 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d88e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000772ac438 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCancelTimer + 8 00000000772ac448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimer + 8 00000000772ac458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAcceptConnectPort + 8 00000000772ac468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheck + 8 00000000772ac478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType + 8 00000000772ac488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultList + 8 00000000772ac498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm + 8 00000000772ac4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 8 00000000772ac4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 8 00000000772ac4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAddDriverEntry + 8 00000000772ac4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustGroupsToken + 8 00000000772ac4e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlertResumeThread + 8 00000000772ac4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlertThread + 8 00000000772ac508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateLocallyUniqueId + 8 00000000772ac518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateReserveObject + 8 00000000772ac528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUserPhysicalPages + 8 00000000772ac538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUuids + 8 00000000772ac548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCancelMessage + 8 00000000772ac568 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0de8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0c68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePortSection + 8 00000000772ac598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateResourceReserve + 8 00000000772ac5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSectionView + 8 00000000772ac5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSecurityContext + 8 00000000772ac5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeletePortSection + 8 00000000772ac5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteResourceReserve + 8 00000000772ac5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSectionView + 8 00000000772ac5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSecurityContext + 8 00000000772ac608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDisconnectPort + 8 00000000772ac618 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf118} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort + 8 00000000772ac628 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderProcess + 8 00000000772ac638 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderThread + 8 00000000772ac648 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformation + 8 00000000772ac658 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformationMessage + 8 00000000772ac668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcRevokeSecurityContext + 8 00000000772ac678 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf878} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSetInformation + 8 00000000772ac698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAreMappedFilesTheSame + 8 00000000772ac6a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 8 00000000772ac6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFileEx + 8 00000000772ac6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCancelSynchronousIoFile + 8 00000000772ac6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCommitComplete + 8 00000000772ac6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCommitEnlistment + 8 00000000772ac6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCommitTransaction + 8 00000000772ac708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCompactKeys + 8 00000000772ac718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCompareTokens + 8 00000000772ac728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCompleteConnectPort + 8 00000000772ac738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCompressKey + 8 00000000772ac748 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0538} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDebugObject + 8 00000000772ac768 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDirectoryObject + 8 00000000772ac778 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEnlistment + 8 00000000772ac788 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 8 00000000772ac798 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000772ac7a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2078} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobObject + 8 00000000772ac7b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobSet + 8 00000000772ac7c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyTransacted + 8 00000000772ac7d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000772ac7e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9388} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMailslotFile + 8 00000000772ac7f8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d16a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000772ac808 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9528} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000772ac818 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePagingFile + 8 00000000772ac828 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000772ac832 4 bytes {JMP 0xfffffffffd9d0290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 8 00000000772ac838 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePrivateNamespace + 8 00000000772ac848 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000772ac858 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfile + 8 00000000772ac868 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfileEx + 8 00000000772ac878 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateResourceManager + 8 00000000772ac888 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1938} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000772ac898 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 8 00000000772ac8a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000772ac8b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000772ac8c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateToken + 8 00000000772ac8d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransaction + 8 00000000772ac8e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransactionManager + 8 00000000772ac8f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 8 00000000772ac908 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort + 8 00000000772ac918 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWorkerFactory + 8 00000000772ac928 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 8 00000000772ac938 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugContinue + 8 00000000772ac948 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteAtom + 8 00000000772ac958 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 8 00000000772ac968 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteDriverEntry + 8 00000000772ac978 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bef58} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000772ac988 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daa68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 00000000772ac998 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteObjectAuditAlarm + 8 00000000772ac9a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDeletePrivateNamespace + 8 00000000772ac9b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 00000000772ac9c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDisableLastKnownGood + 8 00000000772ac9d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDisplayString + 8 00000000772ac9e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDrawText + 8 00000000772ac9f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtEnableLastKnownGood + 8 00000000772aca08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateBootEntries + 8 00000000772aca18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateDriverEntries + 8 00000000772aca28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + 8 00000000772aca38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateTransactionObject + 8 00000000772aca48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtExtendSection + 8 00000000772aca58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtFilterToken + 8 00000000772aca68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstallUILanguage + 8 00000000772aca78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstructionCache + 8 00000000772aca88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtFlushKey + 8 00000000772aca98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtFlushProcessWriteBuffers + 8 00000000772acaa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtFlushVirtualMemory + 8 00000000772acab8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtFlushWriteBuffer + 8 00000000772acac8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtFreeUserPhysicalPages + 8 00000000772acad8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeRegistry + 8 00000000772acae8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeTransactions + 8 00000000772acaf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 8 00000000772acb08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtGetCurrentProcessorNumber + 8 00000000772acb18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtGetDevicePowerState + 8 00000000772acb28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtGetMUIRegistryInfo + 8 00000000772acb38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 8 00000000772acb48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 8 00000000772acb58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtGetNlsSectionPtr + 8 00000000772acb68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtGetNotificationResourceManager + 8 00000000772acb78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtGetPlugPlayEvent + 8 00000000772acb88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtGetWriteWatch + 8 00000000772acb98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateAnonymousToken + 8 00000000772acba8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebf8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateThread + 8 00000000772acbb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeNlsFiles + 8 00000000772acbc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeRegistry + 8 00000000772acbd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtInitiatePowerAction + 8 00000000772acbe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtIsSystemResumeAutomatic + 8 00000000772acbf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtIsUILanguageComitted + 8 00000000772acc08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtListenPort + 8 00000000772acc18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dbc78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000772acc28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d76a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey + 8 00000000772acc38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey2 + 8 00000000772acc48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKeyEx + 8 00000000772acc58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtLockFile + 8 00000000772acc68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtLockProductActivationKeys + 8 00000000772acc78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtLockRegistryKey + 8 00000000772acc88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtLockVirtualMemory + 8 00000000772acc98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtMakePermanentObject + 8 00000000772acca8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject + 8 00000000772accb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtMapCMFModule + 8 00000000772accc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPages + 8 00000000772accd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 8 00000000772acce8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyDriverEntry + 8 00000000772accf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeDirectoryFile + 8 00000000772acd08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d81b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 8 00000000772acd18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 8 00000000772acd28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeSession + 8 00000000772acd38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEnlistment + 8 00000000772acd48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair + 8 00000000772acd58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000772acd68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenJobObject + 8 00000000772acd78 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9138} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000772acd88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransacted + 8 00000000772acd98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransactedEx + 8 00000000772acda8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000772acdb8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 2 00000000772acdc2 4 bytes {JMP 0xfffffffffd9d1290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000772acdc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenObjectAuditAlarm + 8 00000000772acdd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenPrivateNamespace + 8 00000000772acde8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772acdf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager 00000000772ace00 6 bytes [51, 48, B8, A0, 21, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager + 8 00000000772ace08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1588} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000772ace18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSession + 8 00000000772ace28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000772ace38 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772ace48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ace50 6 bytes [51, 48, B8, F0, 21, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000772ace58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransaction + 8 00000000772ace68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransactionManager + 8 00000000772ace78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtPlugPlayControl + 8 00000000772ace88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareComplete + 8 00000000772ace98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareEnlistment + 8 00000000772acea8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareComplete + 8 00000000772aceb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareEnlistment + 8 00000000772acec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeCheck + 8 00000000772aced8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeObjectAuditAlarm + 8 00000000772acee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegedServiceAuditAlarm + 8 00000000772acef8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationComplete + 8 00000000772acf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationFailed + 8 00000000772acf18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtPulseEvent + 8 00000000772acf28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootEntryOrder + 8 00000000772acf38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootOptions + 8 00000000772acf48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDebugFilterState + 8 00000000772acf58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryObject + 8 00000000772acf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDriverEntryOrder + 8 00000000772acf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEaFile + 8 00000000772acf88 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772acf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom 00000000772acfa0 6 bytes [51, 48, B8, 40, 23, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom + 8 00000000772acfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationEnlistment + 8 00000000772acfb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationJobObject + 8 00000000772acfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationPort + 8 00000000772acfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationResourceManager + 8 00000000772acfe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransaction + 8 00000000772acff8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransactionManager + 8 00000000772ad008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationWorkerFactory + 8 00000000772ad018 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInstallUILanguage + 8 00000000772ad028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIntervalProfile + 8 00000000772ad038 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIoCompletion + 8 00000000772ad048 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue + 8 00000000772ad058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9c88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 8 00000000772ad068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMutant + 8 00000000772ad078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeys + 8 00000000772ad088 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeysEx + 8 00000000772ad098 12 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 5 00000000772ad0a5 1 byte [03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 8 00000000772ad0a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryQuotaInformationFile + 8 00000000772ad0b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityAttributesToken + 8 00000000772ad0c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eae18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityObject + 8 00000000772ad0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySemaphore + 8 00000000772ad0e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySymbolicLinkObject + 8 00000000772ad0f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValue + 8 00000000772ad108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValueEx + 8 00000000772ad118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformationEx + 8 00000000772ad128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimerResolution + 8 00000000772ad138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 8 00000000772ad148 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000772ad160 6 bytes [51, 48, B8, 00, 25, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000772ad168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReadOnlyEnlistment + 8 00000000772ad178 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverEnlistment + 8 00000000772ad188 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverResourceManager + 8 00000000772ad198 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverTransactionManager + 8 00000000772ad1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterProtocolAddressInformation + 8 00000000772ad1b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterThreadTerminatePort + 8 00000000772ad1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseKeyedEvent + 8 00000000772ad1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseWorkerFactoryWorker + 8 00000000772ad1e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletionEx + 8 00000000772ad1f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveProcessDebug + 8 00000000772ad208 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey + 8 00000000772ad218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRenameTransactionManager + 8 00000000772ad228 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReplaceKey + 8 00000000772ad238 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReplacePartitionUnit + 8 00000000772ad248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReplyPort + 8 00000000772ad258 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRequestPort + 8 00000000772ad268 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtResetEvent + 8 00000000772ad278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtResetWriteWatch + 8 00000000772ad288 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRestoreKey + 8 00000000772ad298 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess + 8 00000000772ad2a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackComplete + 8 00000000772ad2b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackEnlistment + 8 00000000772ad2c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackTransaction + 8 00000000772ad2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtRollforwardTransactionManager + 8 00000000772ad2e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f0068} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKey + 8 00000000772ad2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKeyEx + 8 00000000772ad308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSaveMergedKeys + 8 00000000772ad318 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSerializeBoot + 8 00000000772ad338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 8 00000000772ad348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 8 00000000772ad358 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000772ad368 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetDebugFilterState + 8 00000000772ad378 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultHardErrorPort + 8 00000000772ad388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultLocale + 8 00000000772ad398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultUILanguage + 8 00000000772ad3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetDriverEntryOrder + 8 00000000772ad3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetEaFile + 8 00000000772ad3c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighEventPair + 8 00000000772ad3d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighWaitLowEventPair + 8 00000000772ad3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationDebugObject + 8 00000000772ad3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationEnlistment + 8 00000000772ad408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1728} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationJobObject + 8 00000000772ad418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationKey + 8 00000000772ad428 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationResourceManager + 8 00000000772ad438 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ead88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationToken + 8 00000000772ad448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransaction + 8 00000000772ad458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransactionManager + 8 00000000772ad468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationWorkerFactory + 8 00000000772ad478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetIntervalProfile + 8 00000000772ad488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletion + 8 00000000772ad498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletionEx + 8 00000000772ad4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetLdtEntries + 8 00000000772ad4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowEventPair + 8 00000000772ad4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowWaitHighEventPair + 8 00000000772ad4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetQuotaInformationFile + 8 00000000772ad4e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eab18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 8 00000000772ad4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValue + 8 00000000772ad508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValueEx + 8 00000000772ad518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000772ad528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 8 00000000772ad538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime + 8 00000000772ad548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetThreadExecutionState + 8 00000000772ad558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerEx + 8 00000000772ad568 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerResolution + 8 00000000772ad578 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetUuidSeed + 8 00000000772ad588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetVolumeInformationFile + 8 00000000772ad598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem + 8 00000000772ad5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownWorkerFactory + 8 00000000772ad5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSignalAndWaitForSingleObject + 8 00000000772ad5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSinglePhaseReject + 8 00000000772ad5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtStartProfile + 8 00000000772ad5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtStopProfile + 8 00000000772ad5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000772ad608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000772ad618 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000772ad628 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert 00000000772ad640 6 bytes [51, 48, B8, E0, 29, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert + 8 00000000772ad648 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtThawRegistry + 8 00000000772ad658 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtThawTransactions + 8 00000000772ad668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtTraceControl + 8 00000000772ad678 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtTranslateFilePath + 8 00000000772ad688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtUmsThreadYield + 8 00000000772ad698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadDriver + 8 00000000772ad6a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey + 8 00000000772ad6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey2 + 8 00000000772ad6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKeyEx + 8 00000000772ad6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockFile + 8 00000000772ad6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockVirtualMemory + 8 00000000772ad6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000772ad708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForDebugEvent + 8 00000000772ad718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForKeyedEvent + 8 00000000772ad728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForWorkViaWorkerFactory + 8 00000000772ad738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWaitHighEventPair + 8 00000000772ad748 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 8 00000000772ad758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWorkerFactoryWorkerReady + 8 00000000772ad768 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!RtlGetFullPathName_UEx 00000000772b0cd0 5 bytes JMP 0000000174c671d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\KERNELBASE.dll!GetVolumeInformationW 000007fefd184f30 6 bytes {JMP QWORD [RIP-0x20064f26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\KERNELBASE.dll!GetFinalPathNameByHandleW 000007fefd189100 6 bytes {JMP QWORD [RIP-0x200690fe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd1b0250 6 bytes {JMP QWORD [RIP-0x20090256]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesW 000007fefeae1460 6 bytes {JMP QWORD [RIP-0x219c13ae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CloseEventLog + 1 000007fefeae9271 5 bytes {JMP QWORD [RIP-0x219c9236]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!QueryServiceStatusEx 000007fefeae9474 6 bytes {JMP QWORD [RIP-0x219c9432]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryW 000007fefeaeab20 6 bytes {JMP QWORD [RIP-0x219ca9ae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!SetSecurityInfo 000007fefeaeb210 6 bytes {JMP QWORD [RIP-0x219cb08e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!GetSecurityInfo 000007fefeaedad0 6 bytes {JMP QWORD [RIP-0x219cd946]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExW 000007fefeaeeb20 6 bytes {JMP QWORD [RIP-0x219ceaae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!ReportEventW 000007fefeaf0050 6 bytes {JMP QWORD [RIP-0x219d001e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!LookupAccountNameW 000007fefeaf0b24 6 bytes {JMP QWORD [RIP-0x219d09c2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceW + 1 000007fefeaf6031 5 bytes {JMP QWORD [RIP-0x219d6016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!DeregisterEventSource 000007fefeafa5a0 6 bytes {JMP QWORD [RIP-0x219da57e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb05548 6 bytes {JMP QWORD [RIP-0x219e546e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameW 000007fefeb056a0 6 bytes {JMP QWORD [RIP-0x219e560e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameW 000007fefeb05770 6 bytes {JMP QWORD [RIP-0x219e56ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceA + 1 000007fefeb07461 5 bytes {JMP QWORD [RIP-0x219e744e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!QueryServiceObjectSecurity 000007fefeb1b2dc 6 bytes {JMP QWORD [RIP-0x219fb222]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2W 000007fefeb1b310 6 bytes {JMP QWORD [RIP-0x219fb2be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2A 000007fefeb1b330 6 bytes {JMP QWORD [RIP-0x219fb2e6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeb1b77c 6 bytes {JMP QWORD [RIP-0x219fb6aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CreateRestrictedToken 000007fefeb1b7fc 6 bytes {JMP QWORD [RIP-0x219fb682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefeb1b8f0 6 bytes {JMP QWORD [RIP-0x219fb806]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefeb1b95c 6 bytes {JMP QWORD [RIP-0x219fb87a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CredRenameA 000007fefeb22d50 6 bytes {JMP QWORD [RIP-0x21a02c16]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!GetEffectiveRightsFromAclW 000007fefeb25b00 6 bytes {JMP QWORD [RIP-0x21a0596e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesA 000007fefeb2d170 6 bytes {JMP QWORD [RIP-0x21a0d0c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExA 000007fefeb2d2e0 6 bytes {JMP QWORD [RIP-0x21a0d276]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusA 000007fefeb2d4e0 6 bytes {JMP QWORD [RIP-0x21a0d486]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusW 000007fefeb2d8e0 6 bytes {JMP QWORD [RIP-0x21a0d87e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!UnlockServiceDatabase 000007fefeb2d930 6 bytes {JMP QWORD [RIP-0x21a0d866]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusW 000007fefeb2d9a0 6 bytes {JMP QWORD [RIP-0x21a0d91e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusA 000007fefeb2dab0 6 bytes {JMP QWORD [RIP-0x21a0da36]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!LockServiceDatabase 000007fefeb2dbc0 6 bytes {JMP QWORD [RIP-0x21a0dafe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameA 000007fefeb2dc40 6 bytes {JMP QWORD [RIP-0x21a0dbb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameA 000007fefeb2dcd0 6 bytes {JMP QWORD [RIP-0x21a0dc36]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CredDeleteW 000007fefeb40910 6 bytes {JMP QWORD [RIP-0x21a207c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CredDeleteA 000007fefeb409d0 6 bytes {JMP QWORD [RIP-0x21a2088e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!ReportEventA 000007fefeb41cc0 6 bytes {JMP QWORD [RIP-0x21a21c96]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryA 000007fefeb4c860 6 bytes {JMP QWORD [RIP-0x21a2c6f6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsW 000007fefeb4d820 6 bytes {JMP QWORD [RIP-0x21a2d6ee]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsA 000007fefeb4d950 6 bytes {JMP QWORD [RIP-0x21a2d826]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsW 000007fefeb4da80 6 bytes {JMP QWORD [RIP-0x21a2d95e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsA 000007fefeb4db60 6 bytes {JMP QWORD [RIP-0x21a2da46]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CredEnumerateW 000007fefeb4dc60 6 bytes {JMP QWORD [RIP-0x21a2db06]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CredEnumerateA 000007fefeb4dd90 6 bytes {JMP QWORD [RIP-0x21a2dc3e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CredReadW 000007fefeb4dec0 6 bytes {JMP QWORD [RIP-0x21a2ddae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CredReadA 000007fefeb4dfd0 6 bytes {JMP QWORD [RIP-0x21a2dec6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CredWriteW 000007fefeb4e0e0 6 bytes {JMP QWORD [RIP-0x21a2dfde]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CredWriteA 000007fefeb4e190 6 bytes {JMP QWORD [RIP-0x21a2e096]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithTokenW 000007fefeb50c80 6 bytes {JMP QWORD [RIP-0x21a30b8e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefebc642c 5 bytes JMP 000007fffeb055e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebc6484 5 bytes JMP 000007fffeaee870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefebc6518 5 bytes JMP 000007fffeafae24 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerW 000007fefebc659c 5 bytes JMP 000007fffeaee858 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatus 000007fefebc6730 5 bytes JMP 000007fffeaf61ac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatusEx 000007fefebc6784 5 bytes JMP 000007fffeae9474 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!StartServiceW 000007fefebc6824 5 bytes JMP 000007fffeae9460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus 000007fefebc687c 5 bytes JMP 000007fffeae8e94 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerA 000007fefebc6aa4 5 bytes JMP 000007fffeafa380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebc6c34 5 bytes JMP 000007fffeafa36c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!StartServiceA 000007fefebc6d00 5 bytes JMP 000007fffeb1b240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!QueryServiceObjectSecurity 000007fefebc6d58 5 bytes JMP 000007fffeb1b2dc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefebc6e00 5 bytes JMP 000007fffeb1b24c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefebc6f2c 5 bytes JMP 000007fffeb1b95c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefebc7220 5 bytes JMP 000007fffeb1b8f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefebc739c 5 bytes JMP 000007fffeb1b9d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefebc7538 5 bytes JMP 000007fffeb1b9c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefebc75e8 5 bytes JMP 000007fffeb1b77c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefebc790c 5 bytes JMP 000007fffeb05548 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefebc7ab4 5 bytes JMP 000007fffeb055d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigA 000007fefebc7b04 5 bytes JMP 000007fffeb1b2fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigW 000007fefebc7c34 5 bytes JMP 000007fffeaeecac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2A 000007fefebc7d78 5 bytes JMP 000007fffeb1b330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2W 000007fefebc8244 5 bytes JMP 000007fffeb1b310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA 000007fefebc99e4 5 bytes JMP 000007fffeb1b234 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW 000007fefebc9ac8 5 bytes JMP 000007fffeae6e4c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW 000007fefebca51c 5 bytes JMP 000007fffeae2c1c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA 000007fefebca530 5 bytes JMP 000007fffeb1b2d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW 000007fefebca5b0 5 bytes JMP 000007fffeae8e60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA 000007fefebca5c4 5 bytes JMP 000007fffeb1b2c4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange 000007fefebcbb28 5 bytes JMP 000007fffeaeda10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA 000007fefebcbb3c 5 bytes JMP 000007fffeb07440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!CreateWindowStationW 00000000771614c0 5 bytes JMP 0000000174c745b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!DdeInitializeW 0000000077164b74 5 bytes JMP 0000000174c72f40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077165350 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!OpenInputDesktop 0000000077166f00 5 bytes JMP 0000000174c75e00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!RegisterDeviceNotificationA 0000000077166fe4 5 bytes JMP 0000000174c6dd50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!UnregisterDeviceNotification 00000000771673b8 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetClassInfoA 0000000077167490 5 bytes JMP 0000000174c717c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetClassInfoExA 00000000771674c8 5 bytes JMP 0000000174c71680 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!EnumDesktopWindows 0000000077167d9c 5 bytes JMP 0000000174c74560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!ActivateKeyboardLayout 00000000771683c0 5 bytes JMP 0000000174c6dad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetParent 0000000077168530 5 bytes JMP 0000000174c75990 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077169bcc 5 bytes JMP 0000000174c78b20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!UnregisterClassA 0000000077169e70 5 bytes JMP 0000000174c71560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!RegisterClassA 0000000077169f68 5 bytes JMP 0000000174c713e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007716a2e0 5 bytes JMP 0000000174c6d510 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!PostMessageA 000000007716a404 5 bytes JMP 0000000174c77de0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!MoveWindow 000000007716aad0 5 bytes JMP 0000000174c6db40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007716b500 5 bytes JMP 0000000174c78f10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!UpdateLayeredWindowIndirect + 368 000000007716b830 5 bytes JMP 0000000174c6da30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetCursor 000000007716c930 5 bytes JMP 0000000174c75b10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!ScreenToClient 000000007716ca58 5 bytes JMP 0000000174c6e9d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!EnumThreadWindows 000000007716ce5c 5 bytes JMP 0000000174c74500 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!IsWindowEnabled 000000007716d15c 5 bytes JMP 0000000174c6e820 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!AttachThreadInput 000000007716d240 5 bytes JMP 0000000174c6ecc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!FindWindowW 000000007716d264 5 bytes JMP 0000000174c749b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007716d2b0 5 bytes JMP 0000000174c779e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SendMessageA 000000007716d338 5 bytes JMP 0000000174c77aa0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007716d440 5 bytes JMP 0000000174c75440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!UnregisterClassW 000000007716d464 5 bytes JMP 0000000174c714e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetForegroundWindow 000000007716d540 5 bytes JMP 0000000174c75c50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetThreadDesktop 000000007716d6d0 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetWindowTextW 000000007716d7a4 5 bytes JMP 0000000174c79bd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!OpenDesktopW 000000007716d870 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!EnumDesktopsW 000000007716d964 5 bytes JMP 0000000174c74570 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007716dc40 5 bytes JMP 0000000174c77db0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007716f874 5 bytes JMP 0000000174c757f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetUserObjectInformationW 000000007716f9c0 5 bytes JMP 0000000174c75e30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007716fac0 5 bytes JMP 0000000174c77ca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000077170810 5 bytes JMP 0000000174c6d2c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!RegisterClassW 00000000771708c0 5 bytes JMP 0000000174c712e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077170b74 5 bytes JMP 0000000174c77a40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!RegisterClassExW 0000000077170e9c 5 bytes JMP 0000000174c710e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetClassInfoExW 0000000077171550 5 bytes JMP 0000000174c715e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetClassInfoW 00000000771716d0 5 bytes JMP 0000000174c71720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!ClientToScreen 00000000771732b8 5 bytes JMP 0000000174c6e940 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetWindowLongW 00000000771733b0 5 bytes JMP 0000000174c78ad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetWindowLongPtrA 00000000771737c0 5 bytes JMP 0000000174c78c40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetWindowPos 0000000077173c50 5 bytes JMP 0000000174c6e4a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetWindow 0000000077174bf4 5 bytes JMP 0000000174c75930 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!EnumChildWindows 0000000077174ce0 5 bytes JMP 0000000174c74490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetIconInfo 0000000077174eec 5 bytes JMP 0000000174c75b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetClassNameW 0000000077174f28 5 bytes JMP 0000000174c71860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetClassLongPtrW 00000000771752a4 5 bytes JMP 0000000174c78cf0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!IsWindowUnicode 0000000077175360 5 bytes JMP 0000000174c6e840 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetWindowLongA 0000000077175408 5 bytes JMP 0000000174c78a90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetShellWindow 00000000771754a0 5 bytes JMP 0000000174c74df0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!EnumWindows 0000000077175e28 5 bytes JMP 0000000174c74480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!MonitorFromWindow 0000000077175f08 5 bytes JMP 0000000174c75ce0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!DispatchMessageA 0000000077176274 5 bytes JMP 0000000174c77170 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetClassLongW 0000000077176458 5 bytes JMP 0000000174c78b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SendMessageW 0000000077176b50 5 bytes JMP 0000000174c77b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetClientRect 0000000077176bc8 5 bytes JMP 0000000174c6ea60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetWindowRect 0000000077176c0c 5 bytes JMP 0000000174c6eb30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!MapWindowPoints 0000000077176cd4 5 bytes JMP 0000000174c6e870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetPropW 0000000077176f50 5 bytes JMP 0000000174c78670 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!RemovePropW 0000000077176fd0 5 bytes JMP 0000000174c78750 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771776c0 5 bytes JMP 0000000174c78e40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!PostMessageW 00000000771776e4 5 bytes JMP 0000000174c77e80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!IsWindow 0000000077177928 5 bytes JMP 0000000174c6e810 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetScrollInfo + 380 0000000077177ec0 5 bytes JMP 0000000174c74310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetWindowLongW 0000000077177f20 5 bytes JMP 0000000174c78a50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetPropW 0000000077178878 5 bytes JMP 0000000174c784d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetParent 00000000771789e4 5 bytes JMP 0000000174c75950 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetWindowInfo 0000000077178b08 5 bytes JMP 0000000174c6ec00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!IsIconic 0000000077178c5c 5 bytes JMP 0000000174c6e850 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!IsZoomed 0000000077178c8c 5 bytes JMP 0000000174c6e860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!IsWindowVisible 0000000077178d24 5 bytes JMP 0000000174c6e830 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetWindowLongPtrW 00000000771796c0 5 bytes JMP 0000000174c78b90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!DispatchMessageW 000000007717991c 5 bytes JMP 0000000174c771a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!AnimateWindow 000000007717bff0 5 bytes JMP 0000000174c6dda0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamW 000000007717ce40 5 bytes JMP 0000000174c73f50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!DialogBoxParamW 000000007717d410 5 bytes JMP 0000000174c74090 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetClipboardData 000000007717e874 5 bytes JMP 0000000174c766c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetPropA 000000007717f4cc 5 bytes JMP 0000000174c785a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771828e4 5 bytes JMP 0000000174c77d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!WaitForInputIdle 0000000077183fa0 5 bytes JMP 0000000174c6de30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW 0000000077184efc 5 bytes JMP 0000000174c73ec0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamW 0000000077184f70 5 bytes JMP 0000000174c73f90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!CloseClipboard 0000000077185a50 5 bytes JMP 0000000174c75f00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!OpenClipboard 0000000077185a70 5 bytes JMP 0000000174c75eb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW 0000000077187468 5 bytes JMP 0000000174c73e20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!CreateDialogParamW 000000007718751c 5 bytes JMP 0000000174c73fd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!FindWindowA 0000000077188270 5 bytes JMP 0000000174c74ab0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077188be0 5 bytes JMP 0000000174c77c60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077188c20 5 bytes JMP 0000000174c75770 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SendInput 0000000077188cd0 5 bytes JMP 0000000174c75d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!FindWindowExW 0000000077188d20 5 bytes JMP 0000000174c74bb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!BlockInput 000000007718ad60 5 bytes JMP 0000000174c75d70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!ClipCursor 000000007718adb0 5 bytes JMP 0000000174c75a00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!UserHandleGrantAccess 000000007718b400 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!EnumDesktopsA 000000007719ffa0 5 bytes JMP 0000000174c74580 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!CreateWindowStationA 00000000771a14c4 5 bytes JMP 0000000174c745d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!OpenDesktopA 00000000771a1724 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetCursorPos 00000000771a1f58 5 bytes JMP 0000000174c75be0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetDoubleClickTime 00000000771a1f70 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SwapMouseButton 00000000771a1fa4 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamA 00000000771a2be4 5 bytes JMP 0000000174c73fb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamA 00000000771a2c0c 5 bytes JMP 0000000174c73f70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!DialogBoxParamA 00000000771a2c34 5 bytes JMP 0000000174c740f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!CreateDialogParamA 00000000771a2cf8 5 bytes JMP 0000000174c74030 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000771b14e0 5 bytes JMP 0000000174c6db00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!EndTask 00000000771b1604 5 bytes JMP 0000000174c6dca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!DdeInitializeA 00000000771b24a8 5 bytes JMP 0000000174c72f80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!MessageBoxW 00000000771d1314 5 bytes JMP 0000000174c6dbb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!MessageBoxExW 00000000771d1394 5 bytes JMP 0000000174c6dc20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetClassNameA 00000000771db394 5 bytes JMP 0000000174c719b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetClassLongPtrA 00000000771dcb6c 5 bytes JMP 0000000174c78d00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetClassLongA 00000000771dcbac 5 bytes JMP 0000000174c78b80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!GetWindowTextA 00000000771dccd0 5 bytes JMP 0000000174c79c00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!RegisterClassExA 00000000771dd670 5 bytes JMP 0000000174c711e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!FindWindowExA 00000000771ddae0 5 bytes JMP 0000000174c74cd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!RemovePropA 00000000771dde90 5 bytes JMP 0000000174c787b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\USER32.dll!SetPropA 00000000771ddf94 5 bytes JMP 0000000174c786e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExW 000007fefea28724 6 bytes {JMP QWORD [RIP-0x21908542]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\GDI32.dll!GdiAddFontResourceW 000007fefea2a074 6 bytes {JMP QWORD [RIP-0x21909eba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\GDI32.dll!GdiDllInitialize 000007fefea2ae78 6 bytes {JMP QWORD [RIP-0x2190acc6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\GDI32.dll!RemoveFontResourceExW 000007fefea34784 6 bytes {JMP QWORD [RIP-0x219145c2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\GDI32.dll!GetFontResourceInfoW + 1 000007fefea34845 5 bytes {JMP QWORD [RIP-0x2191467a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExA 000007fefea491f0 6 bytes {JMP QWORD [RIP-0x21929016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\GDI32.dll!CreateScalableFontResourceW + 1 000007fefea49f4d 5 bytes {JMP QWORD [RIP-0x21929d7a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateSessionsW 000007fefaed1430 6 bytes {JMP QWORD [RIP-0x1ddb123e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\WTSAPI32.dll!WTSQueryUserToken 000007fefaed18f0 6 bytes {JMP QWORD [RIP-0x1ddb1706]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotification 000007fefaed1d00 6 bytes {JMP QWORD [RIP-0x1ddb1afe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotification + 1 000007fefaed1e31 5 bytes {JMP QWORD [RIP-0x1ddb1c1e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotificationEx 000007fefaed5030 6 bytes {JMP QWORD [RIP-0x1ddb4e26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotificationEx 000007fefaed50b4 6 bytes {JMP QWORD [RIP-0x1ddb4e9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateProcessesW 000007fefaed54b0 6 bytes {JMP QWORD [RIP-0x1ddb52b6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\IMM32.DLL!ImmAssociateContext 000007fefeab1750 6 bytes {JMP QWORD [RIP-0x2199152e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\IMM32.DLL!ImmAssociateContextEx 000007fefeab8240 6 bytes {JMP QWORD [RIP-0x21998016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\WINNSI.DLL!NsiRpcRegisterChangeNotification 000007fefad21910 6 bytes {JMP QWORD [RIP-0x1dc0162e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd8845c1 5 bytes {JMP QWORD [RIP-0x207642ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\WS2_32.dll!WSANSPIoctl 000007fefd8a44c0 6 bytes {JMP QWORD [RIP-0x207841d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd8ae0f0 6 bytes {JMP QWORD [RIP-0x2078ddf6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\CRYPT32.dll!CertGetCertificateChain 000007fefd260ba0 6 bytes {JMP QWORD [RIP-0x2014088e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\CRYPT32.dll!CryptUnprotectData + 1 000007fefd2791b9 5 bytes {JMP QWORD [RIP-0x20158eae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] C:\Windows\system32\CRYPT32.dll!CryptProtectData 000007fefd2796d4 6 bytes {JMP QWORD [RIP-0x201593d2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772822f0 5 bytes JMP 0000000174c883b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077286290 5 bytes JMP 0000000174c882f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk 000000007728a430 5 bytes JMP 0000000100030880 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077295140 5 bytes JMP 0000000174c8d350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentDirectory_U 00000000772a5d20 5 bytes JMP 0000000174c66cc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentDirectory_U 00000000772a6050 5 bytes JMP 0000000174c66f30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!LdrQueryImageFileExecutionOptions 00000000772a66e0 5 bytes JMP 0000000174c88470 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter 00000000772abe60 6 bytes [51, 48, B8, 00, 12, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter + 8 00000000772abe68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForSingleObject + 8 00000000772abe78 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 00000000772abe90 6 bytes JMP 0000000174c5d910 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 00000000772abe98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba1e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 8 00000000772abea8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b1b88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000772abeb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletion + 8 00000000772abec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseSemaphore + 8 00000000772abed8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 8 00000000772abee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort + 8 00000000772abef8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772abf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent 00000000772abf10 6 bytes [51, 48, B8, B0, 12, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent + 8 00000000772abf18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf418} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dea08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 8 00000000772abf38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bee18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationFile + 8 00000000772abf48 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db028} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000772abf58 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey + 8 00000000772abf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtFindAtom + 8 00000000772abf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultLocale + 8 00000000772abf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryKey + 8 00000000772abf98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey + 8 00000000772abfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 8 00000000772abfb8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1fc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess + 8 00000000772abfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects32 + 8 00000000772abfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather + 8 00000000772abfe8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1f78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000772abff8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9ee8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000772ac008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 8 00000000772ac018 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf6f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 8 00000000772ac028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseMutant + 8 00000000772ac038 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec0c8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 00000000772ac048 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfcd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 8 00000000772ac058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9deb38} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory + 8 00000000772ac068 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772ac078 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000772ac080 6 bytes [51, 48, B8, 20, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 8 00000000772ac088 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772ac098 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772ac0a0 7 bytes [48, B8, C4, BF, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772ac0a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772ac0b0 7 bytes [48, B8, D0, BD, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000772ac0b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm 00000000772ac0c0 6 bytes [51, 48, B8, 60, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm + 8 00000000772ac0c8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772ac0d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772ac0e0 6 bytes [51, 48, B8, 80, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 8 00000000772ac0e8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority 00000000772ac100 6 bytes [51, 48, B8, A0, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority + 8 00000000772ac108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter + 8 00000000772ac118 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772ac128 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000772ac130 7 bytes [48, B8, 00, BF, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772ac138 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter 00000000772ac140 6 bytes [51, 48, B8, E0, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter + 8 00000000772ac148 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da228} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey + 8 00000000772ac158 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772ac168 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution 00000000772ac170 6 bytes [51, 48, B8, 10, 15, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution + 8 00000000772ac178 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba0d8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8 00000000772ac188 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformation + 8 00000000772ac198 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d25b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000772ac1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimer + 8 00000000772ac1b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bc838} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 8 00000000772ac1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000772ac1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCloseObjectAuditAlarm + 8 00000000772ac1e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000772ac1f8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772ac208 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent 00000000772ac210 6 bytes [51, 48, B8, B0, 15, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent + 8 00000000772ac218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 8 00000000772ac228 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1b08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000772ac238 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ebfb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 00000000772ac248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateToken + 8 00000000772ac258 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage 00000000772ac270 6 bytes [51, 48, B8, 10, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage + 8 00000000772ac278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000772ac288 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom 00000000772ac2a0 6 bytes [51, 48, B8, 40, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom + 8 00000000772ac2a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d18b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000772ac2b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bcbc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVolumeInformationFile + 8 00000000772ac2c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d2238} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000772ac2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile + 8 00000000772ac2e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtApphelpCacheControl + 8 00000000772ac2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000772ac308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000772ac318 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtIsProcessInJob + 8 00000000772ac328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 00000000772ac338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySection + 8 00000000772ac348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8 00000000772ac358 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData 00000000772ac370 6 bytes [51, 48, B8, 10, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData + 8 00000000772ac378 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent 00000000772ac390 6 bytes [51, 48, B8, 30, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent + 8 00000000772ac398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteRequestData + 8 00000000772ac3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000772ac3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + 8 00000000772ac3c8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects 00000000772ac3e0 6 bytes [51, 48, B8, 80, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects + 8 00000000772ac3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationObject + 8 00000000772ac3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFile + 8 00000000772ac408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2318} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTraceEvent + 8 00000000772ac418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtPowerInformation + 8 00000000772ac428 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d88e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000772ac438 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCancelTimer + 8 00000000772ac448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimer + 8 00000000772ac458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAcceptConnectPort + 8 00000000772ac468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheck + 8 00000000772ac478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType + 8 00000000772ac488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultList + 8 00000000772ac498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm + 8 00000000772ac4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 8 00000000772ac4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 8 00000000772ac4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddDriverEntry + 8 00000000772ac4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustGroupsToken + 8 00000000772ac4e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlertResumeThread + 8 00000000772ac4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlertThread + 8 00000000772ac508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateLocallyUniqueId + 8 00000000772ac518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateReserveObject + 8 00000000772ac528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUserPhysicalPages + 8 00000000772ac538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUuids + 8 00000000772ac548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCancelMessage + 8 00000000772ac568 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0de8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0c68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePortSection + 8 00000000772ac598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateResourceReserve + 8 00000000772ac5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSectionView + 8 00000000772ac5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSecurityContext + 8 00000000772ac5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeletePortSection + 8 00000000772ac5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteResourceReserve + 8 00000000772ac5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSectionView + 8 00000000772ac5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSecurityContext + 8 00000000772ac608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDisconnectPort + 8 00000000772ac618 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf118} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort + 8 00000000772ac628 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderProcess + 8 00000000772ac638 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderThread + 8 00000000772ac648 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformation + 8 00000000772ac658 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformationMessage + 8 00000000772ac668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcRevokeSecurityContext + 8 00000000772ac678 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf878} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSetInformation + 8 00000000772ac698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAreMappedFilesTheSame + 8 00000000772ac6a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 8 00000000772ac6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFileEx + 8 00000000772ac6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCancelSynchronousIoFile + 8 00000000772ac6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCommitComplete + 8 00000000772ac6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCommitEnlistment + 8 00000000772ac6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCommitTransaction + 8 00000000772ac708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCompactKeys + 8 00000000772ac718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCompareTokens + 8 00000000772ac728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCompleteConnectPort + 8 00000000772ac738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCompressKey + 8 00000000772ac748 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0538} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDebugObject + 8 00000000772ac768 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDirectoryObject + 8 00000000772ac778 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEnlistment + 8 00000000772ac788 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 8 00000000772ac798 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000772ac7a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2078} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobObject + 8 00000000772ac7b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobSet + 8 00000000772ac7c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyTransacted + 8 00000000772ac7d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000772ac7e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9388} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMailslotFile + 8 00000000772ac7f8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d16a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000772ac808 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9528} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000772ac818 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePagingFile + 8 00000000772ac828 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000772ac832 4 bytes {JMP 0xfffffffffd9d0290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 8 00000000772ac838 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePrivateNamespace + 8 00000000772ac848 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000772ac858 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfile + 8 00000000772ac868 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfileEx + 8 00000000772ac878 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateResourceManager + 8 00000000772ac888 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1938} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000772ac898 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 8 00000000772ac8a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000772ac8b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000772ac8c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateToken + 8 00000000772ac8d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransaction + 8 00000000772ac8e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransactionManager + 8 00000000772ac8f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 8 00000000772ac908 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort + 8 00000000772ac918 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWorkerFactory + 8 00000000772ac928 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 8 00000000772ac938 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugContinue + 8 00000000772ac948 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteAtom + 8 00000000772ac958 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 8 00000000772ac968 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteDriverEntry + 8 00000000772ac978 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bef58} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000772ac988 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daa68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 00000000772ac998 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteObjectAuditAlarm + 8 00000000772ac9a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeletePrivateNamespace + 8 00000000772ac9b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 00000000772ac9c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDisableLastKnownGood + 8 00000000772ac9d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDisplayString + 8 00000000772ac9e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDrawText + 8 00000000772ac9f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtEnableLastKnownGood + 8 00000000772aca08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateBootEntries + 8 00000000772aca18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateDriverEntries + 8 00000000772aca28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + 8 00000000772aca38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateTransactionObject + 8 00000000772aca48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtExtendSection + 8 00000000772aca58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtFilterToken + 8 00000000772aca68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstallUILanguage + 8 00000000772aca78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstructionCache + 8 00000000772aca88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtFlushKey + 8 00000000772aca98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtFlushProcessWriteBuffers + 8 00000000772acaa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtFlushVirtualMemory + 8 00000000772acab8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtFlushWriteBuffer + 8 00000000772acac8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtFreeUserPhysicalPages + 8 00000000772acad8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeRegistry + 8 00000000772acae8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeTransactions + 8 00000000772acaf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 8 00000000772acb08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtGetCurrentProcessorNumber + 8 00000000772acb18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtGetDevicePowerState + 8 00000000772acb28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtGetMUIRegistryInfo + 8 00000000772acb38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 8 00000000772acb48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 8 00000000772acb58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtGetNlsSectionPtr + 8 00000000772acb68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtGetNotificationResourceManager + 8 00000000772acb78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtGetPlugPlayEvent + 8 00000000772acb88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtGetWriteWatch + 8 00000000772acb98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateAnonymousToken + 8 00000000772acba8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebf8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateThread + 8 00000000772acbb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeNlsFiles + 8 00000000772acbc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeRegistry + 8 00000000772acbd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtInitiatePowerAction + 8 00000000772acbe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtIsSystemResumeAutomatic + 8 00000000772acbf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtIsUILanguageComitted + 8 00000000772acc08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtListenPort + 8 00000000772acc18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dbc78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000772acc28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d76a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey + 8 00000000772acc38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey2 + 8 00000000772acc48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKeyEx + 8 00000000772acc58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLockFile + 8 00000000772acc68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLockProductActivationKeys + 8 00000000772acc78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLockRegistryKey + 8 00000000772acc88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLockVirtualMemory + 8 00000000772acc98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMakePermanentObject + 8 00000000772acca8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject + 8 00000000772accb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMapCMFModule + 8 00000000772accc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPages + 8 00000000772accd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 8 00000000772acce8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyDriverEntry + 8 00000000772accf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeDirectoryFile + 8 00000000772acd08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d81b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 8 00000000772acd18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 8 00000000772acd28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeSession + 8 00000000772acd38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEnlistment + 8 00000000772acd48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair + 8 00000000772acd58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000772acd68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenJobObject + 8 00000000772acd78 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9138} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000772acd88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransacted + 8 00000000772acd98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransactedEx + 8 00000000772acda8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000772acdb8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 2 00000000772acdc2 4 bytes {JMP 0xfffffffffd9d1290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000772acdc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenObjectAuditAlarm + 8 00000000772acdd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenPrivateNamespace + 8 00000000772acde8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772acdf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager 00000000772ace00 6 bytes [51, 48, B8, A0, 21, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager + 8 00000000772ace08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1588} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000772ace18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSession + 8 00000000772ace28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000772ace38 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772ace48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ace50 6 bytes [51, 48, B8, F0, 21, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000772ace58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransaction + 8 00000000772ace68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransactionManager + 8 00000000772ace78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtPlugPlayControl + 8 00000000772ace88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareComplete + 8 00000000772ace98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareEnlistment + 8 00000000772acea8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareComplete + 8 00000000772aceb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareEnlistment + 8 00000000772acec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeCheck + 8 00000000772aced8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeObjectAuditAlarm + 8 00000000772acee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegedServiceAuditAlarm + 8 00000000772acef8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationComplete + 8 00000000772acf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationFailed + 8 00000000772acf18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtPulseEvent + 8 00000000772acf28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootEntryOrder + 8 00000000772acf38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootOptions + 8 00000000772acf48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDebugFilterState + 8 00000000772acf58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryObject + 8 00000000772acf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDriverEntryOrder + 8 00000000772acf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEaFile + 8 00000000772acf88 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772acf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom 00000000772acfa0 6 bytes [51, 48, B8, 40, 23, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom + 8 00000000772acfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationEnlistment + 8 00000000772acfb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationJobObject + 8 00000000772acfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationPort + 8 00000000772acfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationResourceManager + 8 00000000772acfe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransaction + 8 00000000772acff8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransactionManager + 8 00000000772ad008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationWorkerFactory + 8 00000000772ad018 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInstallUILanguage + 8 00000000772ad028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIntervalProfile + 8 00000000772ad038 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIoCompletion + 8 00000000772ad048 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue + 8 00000000772ad058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9c88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 8 00000000772ad068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMutant + 8 00000000772ad078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeys + 8 00000000772ad088 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeysEx + 8 00000000772ad098 12 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 5 00000000772ad0a5 1 byte [03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 8 00000000772ad0a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryQuotaInformationFile + 8 00000000772ad0b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityAttributesToken + 8 00000000772ad0c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eae18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityObject + 8 00000000772ad0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySemaphore + 8 00000000772ad0e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySymbolicLinkObject + 8 00000000772ad0f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValue + 8 00000000772ad108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValueEx + 8 00000000772ad118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformationEx + 8 00000000772ad128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimerResolution + 8 00000000772ad138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 8 00000000772ad148 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000772ad160 6 bytes [51, 48, B8, 00, 25, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000772ad168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReadOnlyEnlistment + 8 00000000772ad178 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverEnlistment + 8 00000000772ad188 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverResourceManager + 8 00000000772ad198 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverTransactionManager + 8 00000000772ad1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterProtocolAddressInformation + 8 00000000772ad1b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterThreadTerminatePort + 8 00000000772ad1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseKeyedEvent + 8 00000000772ad1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseWorkerFactoryWorker + 8 00000000772ad1e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletionEx + 8 00000000772ad1f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveProcessDebug + 8 00000000772ad208 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey + 8 00000000772ad218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRenameTransactionManager + 8 00000000772ad228 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplaceKey + 8 00000000772ad238 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplacePartitionUnit + 8 00000000772ad248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReplyPort + 8 00000000772ad258 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRequestPort + 8 00000000772ad268 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtResetEvent + 8 00000000772ad278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtResetWriteWatch + 8 00000000772ad288 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRestoreKey + 8 00000000772ad298 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess + 8 00000000772ad2a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackComplete + 8 00000000772ad2b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackEnlistment + 8 00000000772ad2c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackTransaction + 8 00000000772ad2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtRollforwardTransactionManager + 8 00000000772ad2e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f0068} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKey + 8 00000000772ad2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKeyEx + 8 00000000772ad308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSaveMergedKeys + 8 00000000772ad318 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSerializeBoot + 8 00000000772ad338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 8 00000000772ad348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 8 00000000772ad358 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000772ad368 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetDebugFilterState + 8 00000000772ad378 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultHardErrorPort + 8 00000000772ad388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultLocale + 8 00000000772ad398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultUILanguage + 8 00000000772ad3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetDriverEntryOrder + 8 00000000772ad3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetEaFile + 8 00000000772ad3c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighEventPair + 8 00000000772ad3d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighWaitLowEventPair + 8 00000000772ad3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationDebugObject + 8 00000000772ad3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationEnlistment + 8 00000000772ad408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1728} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationJobObject + 8 00000000772ad418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationKey + 8 00000000772ad428 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationResourceManager + 8 00000000772ad438 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ead88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationToken + 8 00000000772ad448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransaction + 8 00000000772ad458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransactionManager + 8 00000000772ad468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationWorkerFactory + 8 00000000772ad478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetIntervalProfile + 8 00000000772ad488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletion + 8 00000000772ad498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletionEx + 8 00000000772ad4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetLdtEntries + 8 00000000772ad4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowEventPair + 8 00000000772ad4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowWaitHighEventPair + 8 00000000772ad4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetQuotaInformationFile + 8 00000000772ad4e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eab18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 8 00000000772ad4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValue + 8 00000000772ad508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValueEx + 8 00000000772ad518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000772ad528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 8 00000000772ad538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime + 8 00000000772ad548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetThreadExecutionState + 8 00000000772ad558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerEx + 8 00000000772ad568 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerResolution + 8 00000000772ad578 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetUuidSeed + 8 00000000772ad588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetVolumeInformationFile + 8 00000000772ad598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem + 8 00000000772ad5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownWorkerFactory + 8 00000000772ad5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSignalAndWaitForSingleObject + 8 00000000772ad5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSinglePhaseReject + 8 00000000772ad5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtStartProfile + 8 00000000772ad5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtStopProfile + 8 00000000772ad5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000772ad608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000772ad618 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000772ad628 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert 00000000772ad640 6 bytes [51, 48, B8, E0, 29, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert + 8 00000000772ad648 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtThawRegistry + 8 00000000772ad658 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtThawTransactions + 8 00000000772ad668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTraceControl + 8 00000000772ad678 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTranslateFilePath + 8 00000000772ad688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtUmsThreadYield + 8 00000000772ad698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadDriver + 8 00000000772ad6a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey + 8 00000000772ad6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey2 + 8 00000000772ad6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKeyEx + 8 00000000772ad6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockFile + 8 00000000772ad6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockVirtualMemory + 8 00000000772ad6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000772ad708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForDebugEvent + 8 00000000772ad718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForKeyedEvent + 8 00000000772ad728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForWorkViaWorkerFactory + 8 00000000772ad738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWaitHighEventPair + 8 00000000772ad748 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 8 00000000772ad758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWorkerFactoryWorkerReady + 8 00000000772ad768 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlGetFullPathName_UEx 00000000772b0cd0 5 bytes JMP 0000000174c671d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\KERNELBASE.dll!GetVolumeInformationW 000007fefd184f30 6 bytes {JMP QWORD [RIP-0x20064f26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\KERNELBASE.dll!GetFinalPathNameByHandleW 000007fefd189100 6 bytes {JMP QWORD [RIP-0x200690fe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd1b0250 6 bytes {JMP QWORD [RIP-0x20090256]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesW 000007fefeae1460 6 bytes {JMP QWORD [RIP-0x219c13ae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CloseEventLog + 1 000007fefeae9271 5 bytes {JMP QWORD [RIP-0x219c9236]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!QueryServiceStatusEx 000007fefeae9474 6 bytes {JMP QWORD [RIP-0x219c9432]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryW 000007fefeaeab20 6 bytes {JMP QWORD [RIP-0x219ca9ae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!SetSecurityInfo 000007fefeaeb210 6 bytes {JMP QWORD [RIP-0x219cb08e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!GetSecurityInfo 000007fefeaedad0 6 bytes {JMP QWORD [RIP-0x219cd946]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExW 000007fefeaeeb20 6 bytes {JMP QWORD [RIP-0x219ceaae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!ReportEventW 000007fefeaf0050 6 bytes {JMP QWORD [RIP-0x219d001e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!LookupAccountNameW 000007fefeaf0b24 6 bytes {JMP QWORD [RIP-0x219d09c2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceW + 1 000007fefeaf6031 5 bytes {JMP QWORD [RIP-0x219d6016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!DeregisterEventSource 000007fefeafa5a0 6 bytes {JMP QWORD [RIP-0x219da57e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb05548 6 bytes {JMP QWORD [RIP-0x219e546e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameW 000007fefeb056a0 6 bytes {JMP QWORD [RIP-0x219e560e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameW 000007fefeb05770 6 bytes {JMP QWORD [RIP-0x219e56ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceA + 1 000007fefeb07461 5 bytes {JMP QWORD [RIP-0x219e744e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!QueryServiceObjectSecurity 000007fefeb1b2dc 6 bytes {JMP QWORD [RIP-0x219fb222]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2W 000007fefeb1b310 6 bytes {JMP QWORD [RIP-0x219fb2be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2A 000007fefeb1b330 6 bytes {JMP QWORD [RIP-0x219fb2e6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeb1b77c 6 bytes {JMP QWORD [RIP-0x219fb6aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CreateRestrictedToken 000007fefeb1b7fc 6 bytes {JMP QWORD [RIP-0x219fb682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefeb1b8f0 6 bytes {JMP QWORD [RIP-0x219fb806]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefeb1b95c 6 bytes {JMP QWORD [RIP-0x219fb87a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CredRenameA 000007fefeb22d50 6 bytes {JMP QWORD [RIP-0x21a02c16]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!GetEffectiveRightsFromAclW 000007fefeb25b00 6 bytes {JMP QWORD [RIP-0x21a0596e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesA 000007fefeb2d170 6 bytes {JMP QWORD [RIP-0x21a0d0c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExA 000007fefeb2d2e0 6 bytes {JMP QWORD [RIP-0x21a0d276]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusA 000007fefeb2d4e0 6 bytes {JMP QWORD [RIP-0x21a0d486]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusW 000007fefeb2d8e0 6 bytes {JMP QWORD [RIP-0x21a0d87e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!UnlockServiceDatabase 000007fefeb2d930 6 bytes {JMP QWORD [RIP-0x21a0d866]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusW 000007fefeb2d9a0 6 bytes {JMP QWORD [RIP-0x21a0d91e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusA 000007fefeb2dab0 6 bytes {JMP QWORD [RIP-0x21a0da36]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!LockServiceDatabase 000007fefeb2dbc0 6 bytes {JMP QWORD [RIP-0x21a0dafe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameA 000007fefeb2dc40 6 bytes {JMP QWORD [RIP-0x21a0dbb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameA 000007fefeb2dcd0 6 bytes {JMP QWORD [RIP-0x21a0dc36]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CredDeleteW 000007fefeb40910 6 bytes {JMP QWORD [RIP-0x21a207c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CredDeleteA 000007fefeb409d0 6 bytes {JMP QWORD [RIP-0x21a2088e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!ReportEventA 000007fefeb41cc0 6 bytes {JMP QWORD [RIP-0x21a21c96]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryA 000007fefeb4c860 6 bytes {JMP QWORD [RIP-0x21a2c6f6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsW 000007fefeb4d820 6 bytes {JMP QWORD [RIP-0x21a2d6ee]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsA 000007fefeb4d950 6 bytes {JMP QWORD [RIP-0x21a2d826]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsW 000007fefeb4da80 6 bytes {JMP QWORD [RIP-0x21a2d95e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsA 000007fefeb4db60 6 bytes {JMP QWORD [RIP-0x21a2da46]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CredEnumerateW 000007fefeb4dc60 6 bytes {JMP QWORD [RIP-0x21a2db06]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CredEnumerateA 000007fefeb4dd90 6 bytes {JMP QWORD [RIP-0x21a2dc3e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CredReadW 000007fefeb4dec0 6 bytes {JMP QWORD [RIP-0x21a2ddae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CredReadA 000007fefeb4dfd0 6 bytes {JMP QWORD [RIP-0x21a2dec6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CredWriteW 000007fefeb4e0e0 6 bytes {JMP QWORD [RIP-0x21a2dfde]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CredWriteA 000007fefeb4e190 6 bytes {JMP QWORD [RIP-0x21a2e096]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithTokenW 000007fefeb50c80 6 bytes {JMP QWORD [RIP-0x21a30b8e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefebc642c 5 bytes JMP 000007fffeb055e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebc6484 5 bytes JMP 000007fffeaee870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefebc6518 5 bytes JMP 000007fffeafae24 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerW 000007fefebc659c 5 bytes JMP 000007fffeaee858 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatus 000007fefebc6730 5 bytes JMP 000007fffeaf61ac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatusEx 000007fefebc6784 5 bytes JMP 000007fffeae9474 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!StartServiceW 000007fefebc6824 5 bytes JMP 000007fffeae9460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus 000007fefebc687c 5 bytes JMP 000007fffeae8e94 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerA 000007fefebc6aa4 5 bytes JMP 000007fffeafa380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebc6c34 5 bytes JMP 000007fffeafa36c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!StartServiceA 000007fefebc6d00 5 bytes JMP 000007fffeb1b240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!QueryServiceObjectSecurity 000007fefebc6d58 5 bytes JMP 000007fffeb1b2dc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefebc6e00 5 bytes JMP 000007fffeb1b24c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefebc6f2c 5 bytes JMP 000007fffeb1b95c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefebc7220 5 bytes JMP 000007fffeb1b8f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefebc739c 5 bytes JMP 000007fffeb1b9d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefebc7538 5 bytes JMP 000007fffeb1b9c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefebc75e8 5 bytes JMP 000007fffeb1b77c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefebc790c 5 bytes JMP 000007fffeb05548 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefebc7ab4 5 bytes JMP 000007fffeb055d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigA 000007fefebc7b04 5 bytes JMP 000007fffeb1b2fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigW 000007fefebc7c34 5 bytes JMP 000007fffeaeecac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2A 000007fefebc7d78 5 bytes JMP 000007fffeb1b330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2W 000007fefebc8244 5 bytes JMP 000007fffeb1b310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA 000007fefebc99e4 5 bytes JMP 000007fffeb1b234 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW 000007fefebc9ac8 5 bytes JMP 000007fffeae6e4c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW 000007fefebca51c 5 bytes JMP 000007fffeae2c1c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA 000007fefebca530 5 bytes JMP 000007fffeb1b2d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW 000007fefebca5b0 5 bytes JMP 000007fffeae8e60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA 000007fefebca5c4 5 bytes JMP 000007fffeb1b2c4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange 000007fefebcbb28 5 bytes JMP 000007fffeaeda10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA 000007fefebcbb3c 5 bytes JMP 000007fffeb07440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!CreateWindowStationW 00000000771614c0 5 bytes JMP 0000000174c745b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!DdeInitializeW 0000000077164b74 5 bytes JMP 0000000174c72f40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077165350 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!OpenInputDesktop 0000000077166f00 5 bytes JMP 0000000174c75e00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!RegisterDeviceNotificationA 0000000077166fe4 5 bytes JMP 0000000174c6dd50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!UnregisterDeviceNotification 00000000771673b8 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetClassInfoA 0000000077167490 5 bytes JMP 0000000174c717c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetClassInfoExA 00000000771674c8 5 bytes JMP 0000000174c71680 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!EnumDesktopWindows 0000000077167d9c 5 bytes JMP 0000000174c74560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!ActivateKeyboardLayout 00000000771683c0 5 bytes JMP 0000000174c6dad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetParent 0000000077168530 5 bytes JMP 0000000174c75990 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077169bcc 5 bytes JMP 0000000174c78b20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!UnregisterClassA 0000000077169e70 5 bytes JMP 0000000174c71560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!RegisterClassA 0000000077169f68 5 bytes JMP 0000000174c713e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007716a2e0 5 bytes JMP 0000000174c6d510 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!PostMessageA 000000007716a404 5 bytes JMP 0000000174c77de0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!MoveWindow 000000007716aad0 5 bytes JMP 0000000174c6db40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007716b500 5 bytes JMP 0000000174c78f10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!UpdateLayeredWindowIndirect + 368 000000007716b830 5 bytes JMP 0000000174c6da30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetCursor 000000007716c930 5 bytes JMP 0000000174c75b10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!ScreenToClient 000000007716ca58 5 bytes JMP 0000000174c6e9d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!EnumThreadWindows 000000007716ce5c 5 bytes JMP 0000000174c74500 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!IsWindowEnabled 000000007716d15c 5 bytes JMP 0000000174c6e820 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!AttachThreadInput 000000007716d240 5 bytes JMP 0000000174c6ecc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!FindWindowW 000000007716d264 5 bytes JMP 0000000174c749b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007716d2b0 5 bytes JMP 0000000174c779e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SendMessageA 000000007716d338 5 bytes JMP 0000000174c77aa0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007716d440 5 bytes JMP 0000000174c75440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!UnregisterClassW 000000007716d464 5 bytes JMP 0000000174c714e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetForegroundWindow 000000007716d540 5 bytes JMP 0000000174c75c50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetThreadDesktop 000000007716d6d0 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetWindowTextW 000000007716d7a4 5 bytes JMP 0000000174c79bd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!OpenDesktopW 000000007716d870 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!EnumDesktopsW 000000007716d964 5 bytes JMP 0000000174c74570 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007716dc40 5 bytes JMP 0000000174c77db0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007716f874 5 bytes JMP 0000000174c757f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetUserObjectInformationW 000000007716f9c0 5 bytes JMP 0000000174c75e30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007716fac0 5 bytes JMP 0000000174c77ca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000077170810 5 bytes JMP 0000000174c6d2c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!RegisterClassW 00000000771708c0 5 bytes JMP 0000000174c712e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077170b74 5 bytes JMP 0000000174c77a40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!RegisterClassExW 0000000077170e9c 5 bytes JMP 0000000174c710e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetClassInfoExW 0000000077171550 5 bytes JMP 0000000174c715e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetClassInfoW 00000000771716d0 5 bytes JMP 0000000174c71720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!ClientToScreen 00000000771732b8 5 bytes JMP 0000000174c6e940 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetWindowLongW 00000000771733b0 5 bytes JMP 0000000174c78ad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetWindowLongPtrA 00000000771737c0 5 bytes JMP 0000000174c78c40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetWindowPos 0000000077173c50 5 bytes JMP 0000000174c6e4a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetWindow 0000000077174bf4 5 bytes JMP 0000000174c75930 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!EnumChildWindows 0000000077174ce0 5 bytes JMP 0000000174c74490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetIconInfo 0000000077174eec 5 bytes JMP 0000000174c75b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetClassNameW 0000000077174f28 5 bytes JMP 0000000174c71860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetClassLongPtrW 00000000771752a4 5 bytes JMP 0000000174c78cf0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!IsWindowUnicode 0000000077175360 5 bytes JMP 0000000174c6e840 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetWindowLongA 0000000077175408 5 bytes JMP 0000000174c78a90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetShellWindow 00000000771754a0 5 bytes JMP 0000000174c74df0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!EnumWindows 0000000077175e28 5 bytes JMP 0000000174c74480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!MonitorFromWindow 0000000077175f08 5 bytes JMP 0000000174c75ce0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!DispatchMessageA 0000000077176274 5 bytes JMP 0000000174c77170 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetClassLongW 0000000077176458 5 bytes JMP 0000000174c78b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SendMessageW 0000000077176b50 5 bytes JMP 0000000174c77b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetClientRect 0000000077176bc8 5 bytes JMP 0000000174c6ea60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetWindowRect 0000000077176c0c 5 bytes JMP 0000000174c6eb30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!MapWindowPoints 0000000077176cd4 5 bytes JMP 0000000174c6e870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetPropW 0000000077176f50 5 bytes JMP 0000000174c78670 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!RemovePropW 0000000077176fd0 5 bytes JMP 0000000174c78750 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771776c0 5 bytes JMP 0000000174c78e40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!PostMessageW 00000000771776e4 5 bytes JMP 0000000174c77e80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!IsWindow 0000000077177928 5 bytes JMP 0000000174c6e810 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetScrollInfo + 380 0000000077177ec0 5 bytes JMP 0000000174c74310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetWindowLongW 0000000077177f20 5 bytes JMP 0000000174c78a50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetPropW 0000000077178878 5 bytes JMP 0000000174c784d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetParent 00000000771789e4 5 bytes JMP 0000000174c75950 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetWindowInfo 0000000077178b08 5 bytes JMP 0000000174c6ec00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!IsIconic 0000000077178c5c 5 bytes JMP 0000000174c6e850 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!IsZoomed 0000000077178c8c 5 bytes JMP 0000000174c6e860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!IsWindowVisible 0000000077178d24 5 bytes JMP 0000000174c6e830 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetWindowLongPtrW 00000000771796c0 5 bytes JMP 0000000174c78b90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!DispatchMessageW 000000007717991c 5 bytes JMP 0000000174c771a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!AnimateWindow 000000007717bff0 5 bytes JMP 0000000174c6dda0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamW 000000007717ce40 5 bytes JMP 0000000174c73f50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!DialogBoxParamW 000000007717d410 5 bytes JMP 0000000174c74090 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetClipboardData 000000007717e874 5 bytes JMP 0000000174c766c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetPropA 000000007717f4cc 5 bytes JMP 0000000174c785a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771828e4 5 bytes JMP 0000000174c77d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!WaitForInputIdle 0000000077183fa0 5 bytes JMP 0000000174c6de30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW 0000000077184efc 5 bytes JMP 0000000174c73ec0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamW 0000000077184f70 5 bytes JMP 0000000174c73f90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!CloseClipboard 0000000077185a50 5 bytes JMP 0000000174c75f00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!OpenClipboard 0000000077185a70 5 bytes JMP 0000000174c75eb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW 0000000077187468 5 bytes JMP 0000000174c73e20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!CreateDialogParamW 000000007718751c 5 bytes JMP 0000000174c73fd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!FindWindowA 0000000077188270 5 bytes JMP 0000000174c74ab0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077188be0 5 bytes JMP 0000000174c77c60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077188c20 5 bytes JMP 0000000174c75770 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SendInput 0000000077188cd0 5 bytes JMP 0000000174c75d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!FindWindowExW 0000000077188d20 5 bytes JMP 0000000174c74bb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!BlockInput 000000007718ad60 5 bytes JMP 0000000174c75d70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!ClipCursor 000000007718adb0 5 bytes JMP 0000000174c75a00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!UserHandleGrantAccess 000000007718b400 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!EnumDesktopsA 000000007719ffa0 5 bytes JMP 0000000174c74580 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!CreateWindowStationA 00000000771a14c4 5 bytes JMP 0000000174c745d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!OpenDesktopA 00000000771a1724 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetCursorPos 00000000771a1f58 5 bytes JMP 0000000174c75be0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetDoubleClickTime 00000000771a1f70 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SwapMouseButton 00000000771a1fa4 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamA 00000000771a2be4 5 bytes JMP 0000000174c73fb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamA 00000000771a2c0c 5 bytes JMP 0000000174c73f70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!DialogBoxParamA 00000000771a2c34 5 bytes JMP 0000000174c740f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!CreateDialogParamA 00000000771a2cf8 5 bytes JMP 0000000174c74030 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000771b14e0 5 bytes JMP 0000000174c6db00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!EndTask 00000000771b1604 5 bytes JMP 0000000174c6dca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!DdeInitializeA 00000000771b24a8 5 bytes JMP 0000000174c72f80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!MessageBoxW 00000000771d1314 5 bytes JMP 0000000174c6dbb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!MessageBoxExW 00000000771d1394 5 bytes JMP 0000000174c6dc20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetClassNameA 00000000771db394 5 bytes JMP 0000000174c719b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetClassLongPtrA 00000000771dcb6c 5 bytes JMP 0000000174c78d00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetClassLongA 00000000771dcbac 5 bytes JMP 0000000174c78b80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!GetWindowTextA 00000000771dccd0 5 bytes JMP 0000000174c79c00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!RegisterClassExA 00000000771dd670 5 bytes JMP 0000000174c711e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!FindWindowExA 00000000771ddae0 5 bytes JMP 0000000174c74cd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!RemovePropA 00000000771dde90 5 bytes JMP 0000000174c787b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\USER32.dll!SetPropA 00000000771ddf94 5 bytes JMP 0000000174c786e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExW 000007fefea28724 6 bytes {JMP QWORD [RIP-0x21908542]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\GDI32.dll!GdiAddFontResourceW 000007fefea2a074 6 bytes {JMP QWORD [RIP-0x21909eba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\GDI32.dll!GdiDllInitialize 000007fefea2ae78 6 bytes {JMP QWORD [RIP-0x2190acc6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\GDI32.dll!RemoveFontResourceExW 000007fefea34784 6 bytes {JMP QWORD [RIP-0x219145c2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\GDI32.dll!GetFontResourceInfoW + 1 000007fefea34845 5 bytes {JMP QWORD [RIP-0x2191467a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExA 000007fefea491f0 6 bytes {JMP QWORD [RIP-0x21929016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\GDI32.dll!CreateScalableFontResourceW + 1 000007fefea49f4d 5 bytes {JMP QWORD [RIP-0x21929d7a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateSessionsW 000007fefaed1430 6 bytes {JMP QWORD [RIP-0x1ddb123e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\WTSAPI32.dll!WTSQueryUserToken 000007fefaed18f0 6 bytes {JMP QWORD [RIP-0x1ddb1706]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotification 000007fefaed1d00 6 bytes {JMP QWORD [RIP-0x1ddb1afe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotification + 1 000007fefaed1e31 5 bytes {JMP QWORD [RIP-0x1ddb1c1e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotificationEx 000007fefaed5030 6 bytes {JMP QWORD [RIP-0x1ddb4e26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotificationEx 000007fefaed50b4 6 bytes {JMP QWORD [RIP-0x1ddb4e9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateProcessesW 000007fefaed54b0 6 bytes {JMP QWORD [RIP-0x1ddb52b6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\IMM32.DLL!ImmAssociateContext 000007fefeab1750 6 bytes {JMP QWORD [RIP-0x2199152e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\IMM32.DLL!ImmAssociateContextEx 000007fefeab8240 6 bytes {JMP QWORD [RIP-0x21998016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\WINNSI.DLL!NsiRpcRegisterChangeNotification 000007fefad21910 6 bytes {JMP QWORD [RIP-0x1dc0162e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd8845c1 5 bytes {JMP QWORD [RIP-0x207642ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\WS2_32.dll!WSANSPIoctl 000007fefd8a44c0 6 bytes {JMP QWORD [RIP-0x207841d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd8ae0f0 6 bytes {JMP QWORD [RIP-0x2078ddf6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\CRYPT32.dll!CertGetCertificateChain 000007fefd260ba0 6 bytes {JMP QWORD [RIP-0x2014088e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\CRYPT32.dll!CryptUnprotectData + 1 000007fefd2791b9 5 bytes {JMP QWORD [RIP-0x20158eae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] C:\Windows\system32\CRYPT32.dll!CryptProtectData 000007fefd2796d4 6 bytes {JMP QWORD [RIP-0x201593d2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772822f0 5 bytes JMP 0000000174c883b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077286290 5 bytes JMP 0000000174c882f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk 000000007728a430 5 bytes JMP 0000000100030880 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077295140 5 bytes JMP 0000000174c8d350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentDirectory_U 00000000772a5d20 5 bytes JMP 0000000174c66cc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentDirectory_U 00000000772a6050 5 bytes JMP 0000000174c66f30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!LdrQueryImageFileExecutionOptions 00000000772a66e0 5 bytes JMP 0000000174c88470 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter 00000000772abe60 6 bytes [51, 48, B8, 00, 12, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter + 8 00000000772abe68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForSingleObject + 8 00000000772abe78 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 00000000772abe90 6 bytes JMP 0000000174c5d910 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 00000000772abe98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba1e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 8 00000000772abea8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b1b88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000772abeb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletion + 8 00000000772abec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseSemaphore + 8 00000000772abed8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 8 00000000772abee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort + 8 00000000772abef8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772abf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent 00000000772abf10 6 bytes [51, 48, B8, B0, 12, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent + 8 00000000772abf18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf418} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dea08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 8 00000000772abf38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bee18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationFile + 8 00000000772abf48 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db028} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000772abf58 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey + 8 00000000772abf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtFindAtom + 8 00000000772abf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultLocale + 8 00000000772abf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryKey + 8 00000000772abf98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey + 8 00000000772abfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 8 00000000772abfb8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1fc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess + 8 00000000772abfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects32 + 8 00000000772abfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather + 8 00000000772abfe8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1f78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000772abff8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9ee8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000772ac008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 8 00000000772ac018 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf6f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 8 00000000772ac028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseMutant + 8 00000000772ac038 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec0c8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 00000000772ac048 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfcd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 8 00000000772ac058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9deb38} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory + 8 00000000772ac068 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772ac078 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000772ac080 6 bytes [51, 48, B8, 20, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 8 00000000772ac088 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772ac098 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772ac0a0 7 bytes [48, B8, C4, BF, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772ac0a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772ac0b0 7 bytes [48, B8, D0, BD, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000772ac0b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm 00000000772ac0c0 6 bytes [51, 48, B8, 60, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm + 8 00000000772ac0c8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772ac0d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772ac0e0 6 bytes [51, 48, B8, 80, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 8 00000000772ac0e8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority 00000000772ac100 6 bytes [51, 48, B8, A0, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority + 8 00000000772ac108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter + 8 00000000772ac118 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772ac128 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000772ac130 7 bytes [48, B8, 00, BF, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772ac138 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter 00000000772ac140 6 bytes [51, 48, B8, E0, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter + 8 00000000772ac148 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da228} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey + 8 00000000772ac158 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772ac168 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution 00000000772ac170 6 bytes [51, 48, B8, 10, 15, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution + 8 00000000772ac178 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba0d8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8 00000000772ac188 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformation + 8 00000000772ac198 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d25b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000772ac1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimer + 8 00000000772ac1b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bc838} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 8 00000000772ac1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000772ac1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCloseObjectAuditAlarm + 8 00000000772ac1e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000772ac1f8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772ac208 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent 00000000772ac210 6 bytes [51, 48, B8, B0, 15, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent + 8 00000000772ac218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 8 00000000772ac228 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1b08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000772ac238 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ebfb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 00000000772ac248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateToken + 8 00000000772ac258 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage 00000000772ac270 6 bytes [51, 48, B8, 10, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage + 8 00000000772ac278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000772ac288 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom 00000000772ac2a0 6 bytes [51, 48, B8, 40, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom + 8 00000000772ac2a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d18b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000772ac2b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bcbc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVolumeInformationFile + 8 00000000772ac2c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d2238} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000772ac2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile + 8 00000000772ac2e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtApphelpCacheControl + 8 00000000772ac2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000772ac308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000772ac318 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtIsProcessInJob + 8 00000000772ac328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 00000000772ac338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySection + 8 00000000772ac348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8 00000000772ac358 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData 00000000772ac370 6 bytes [51, 48, B8, 10, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData + 8 00000000772ac378 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent 00000000772ac390 6 bytes [51, 48, B8, 30, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent + 8 00000000772ac398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteRequestData + 8 00000000772ac3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000772ac3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + 8 00000000772ac3c8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects 00000000772ac3e0 6 bytes [51, 48, B8, 80, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects + 8 00000000772ac3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationObject + 8 00000000772ac3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFile + 8 00000000772ac408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2318} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtTraceEvent + 8 00000000772ac418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtPowerInformation + 8 00000000772ac428 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d88e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000772ac438 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCancelTimer + 8 00000000772ac448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimer + 8 00000000772ac458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAcceptConnectPort + 8 00000000772ac468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheck + 8 00000000772ac478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType + 8 00000000772ac488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultList + 8 00000000772ac498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm + 8 00000000772ac4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 8 00000000772ac4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 8 00000000772ac4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAddDriverEntry + 8 00000000772ac4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustGroupsToken + 8 00000000772ac4e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlertResumeThread + 8 00000000772ac4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlertThread + 8 00000000772ac508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateLocallyUniqueId + 8 00000000772ac518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateReserveObject + 8 00000000772ac528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUserPhysicalPages + 8 00000000772ac538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUuids + 8 00000000772ac548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCancelMessage + 8 00000000772ac568 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0de8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0c68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePortSection + 8 00000000772ac598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateResourceReserve + 8 00000000772ac5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSectionView + 8 00000000772ac5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSecurityContext + 8 00000000772ac5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeletePortSection + 8 00000000772ac5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteResourceReserve + 8 00000000772ac5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSectionView + 8 00000000772ac5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSecurityContext + 8 00000000772ac608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDisconnectPort + 8 00000000772ac618 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf118} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort + 8 00000000772ac628 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderProcess + 8 00000000772ac638 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderThread + 8 00000000772ac648 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformation + 8 00000000772ac658 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformationMessage + 8 00000000772ac668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcRevokeSecurityContext + 8 00000000772ac678 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf878} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSetInformation + 8 00000000772ac698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAreMappedFilesTheSame + 8 00000000772ac6a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 8 00000000772ac6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFileEx + 8 00000000772ac6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCancelSynchronousIoFile + 8 00000000772ac6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCommitComplete + 8 00000000772ac6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCommitEnlistment + 8 00000000772ac6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCommitTransaction + 8 00000000772ac708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCompactKeys + 8 00000000772ac718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCompareTokens + 8 00000000772ac728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCompleteConnectPort + 8 00000000772ac738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCompressKey + 8 00000000772ac748 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0538} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDebugObject + 8 00000000772ac768 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDirectoryObject + 8 00000000772ac778 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEnlistment + 8 00000000772ac788 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 8 00000000772ac798 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000772ac7a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2078} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobObject + 8 00000000772ac7b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobSet + 8 00000000772ac7c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyTransacted + 8 00000000772ac7d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000772ac7e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9388} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMailslotFile + 8 00000000772ac7f8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d16a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000772ac808 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9528} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000772ac818 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePagingFile + 8 00000000772ac828 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000772ac832 4 bytes {JMP 0xfffffffffd9d0290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 8 00000000772ac838 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePrivateNamespace + 8 00000000772ac848 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000772ac858 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfile + 8 00000000772ac868 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfileEx + 8 00000000772ac878 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateResourceManager + 8 00000000772ac888 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1938} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000772ac898 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 8 00000000772ac8a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000772ac8b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000772ac8c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateToken + 8 00000000772ac8d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransaction + 8 00000000772ac8e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransactionManager + 8 00000000772ac8f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 8 00000000772ac908 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort + 8 00000000772ac918 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWorkerFactory + 8 00000000772ac928 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 8 00000000772ac938 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugContinue + 8 00000000772ac948 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteAtom + 8 00000000772ac958 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 8 00000000772ac968 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteDriverEntry + 8 00000000772ac978 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bef58} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000772ac988 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daa68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 00000000772ac998 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteObjectAuditAlarm + 8 00000000772ac9a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDeletePrivateNamespace + 8 00000000772ac9b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 00000000772ac9c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDisableLastKnownGood + 8 00000000772ac9d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDisplayString + 8 00000000772ac9e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDrawText + 8 00000000772ac9f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtEnableLastKnownGood + 8 00000000772aca08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateBootEntries + 8 00000000772aca18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateDriverEntries + 8 00000000772aca28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + 8 00000000772aca38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateTransactionObject + 8 00000000772aca48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtExtendSection + 8 00000000772aca58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtFilterToken + 8 00000000772aca68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstallUILanguage + 8 00000000772aca78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstructionCache + 8 00000000772aca88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtFlushKey + 8 00000000772aca98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtFlushProcessWriteBuffers + 8 00000000772acaa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtFlushVirtualMemory + 8 00000000772acab8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtFlushWriteBuffer + 8 00000000772acac8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtFreeUserPhysicalPages + 8 00000000772acad8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeRegistry + 8 00000000772acae8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeTransactions + 8 00000000772acaf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 8 00000000772acb08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtGetCurrentProcessorNumber + 8 00000000772acb18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtGetDevicePowerState + 8 00000000772acb28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtGetMUIRegistryInfo + 8 00000000772acb38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 8 00000000772acb48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 8 00000000772acb58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtGetNlsSectionPtr + 8 00000000772acb68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtGetNotificationResourceManager + 8 00000000772acb78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtGetPlugPlayEvent + 8 00000000772acb88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtGetWriteWatch + 8 00000000772acb98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateAnonymousToken + 8 00000000772acba8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebf8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateThread + 8 00000000772acbb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeNlsFiles + 8 00000000772acbc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeRegistry + 8 00000000772acbd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtInitiatePowerAction + 8 00000000772acbe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtIsSystemResumeAutomatic + 8 00000000772acbf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtIsUILanguageComitted + 8 00000000772acc08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtListenPort + 8 00000000772acc18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dbc78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000772acc28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d76a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey + 8 00000000772acc38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey2 + 8 00000000772acc48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKeyEx + 8 00000000772acc58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtLockFile + 8 00000000772acc68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtLockProductActivationKeys + 8 00000000772acc78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtLockRegistryKey + 8 00000000772acc88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtLockVirtualMemory + 8 00000000772acc98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtMakePermanentObject + 8 00000000772acca8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject + 8 00000000772accb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtMapCMFModule + 8 00000000772accc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPages + 8 00000000772accd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 8 00000000772acce8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyDriverEntry + 8 00000000772accf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeDirectoryFile + 8 00000000772acd08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d81b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 8 00000000772acd18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 8 00000000772acd28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeSession + 8 00000000772acd38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEnlistment + 8 00000000772acd48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair + 8 00000000772acd58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000772acd68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenJobObject + 8 00000000772acd78 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9138} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000772acd88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransacted + 8 00000000772acd98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransactedEx + 8 00000000772acda8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000772acdb8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 2 00000000772acdc2 4 bytes {JMP 0xfffffffffd9d1290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000772acdc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenObjectAuditAlarm + 8 00000000772acdd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenPrivateNamespace + 8 00000000772acde8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772acdf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager 00000000772ace00 6 bytes [51, 48, B8, A0, 21, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager + 8 00000000772ace08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1588} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000772ace18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSession + 8 00000000772ace28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000772ace38 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772ace48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ace50 6 bytes [51, 48, B8, F0, 21, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000772ace58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransaction + 8 00000000772ace68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransactionManager + 8 00000000772ace78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtPlugPlayControl + 8 00000000772ace88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareComplete + 8 00000000772ace98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareEnlistment + 8 00000000772acea8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareComplete + 8 00000000772aceb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareEnlistment + 8 00000000772acec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeCheck + 8 00000000772aced8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeObjectAuditAlarm + 8 00000000772acee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegedServiceAuditAlarm + 8 00000000772acef8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationComplete + 8 00000000772acf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationFailed + 8 00000000772acf18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtPulseEvent + 8 00000000772acf28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootEntryOrder + 8 00000000772acf38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootOptions + 8 00000000772acf48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDebugFilterState + 8 00000000772acf58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryObject + 8 00000000772acf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDriverEntryOrder + 8 00000000772acf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEaFile + 8 00000000772acf88 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772acf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom 00000000772acfa0 6 bytes [51, 48, B8, 40, 23, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom + 8 00000000772acfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationEnlistment + 8 00000000772acfb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationJobObject + 8 00000000772acfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationPort + 8 00000000772acfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationResourceManager + 8 00000000772acfe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransaction + 8 00000000772acff8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransactionManager + 8 00000000772ad008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationWorkerFactory + 8 00000000772ad018 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInstallUILanguage + 8 00000000772ad028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIntervalProfile + 8 00000000772ad038 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIoCompletion + 8 00000000772ad048 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue + 8 00000000772ad058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9c88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 8 00000000772ad068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMutant + 8 00000000772ad078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeys + 8 00000000772ad088 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeysEx + 8 00000000772ad098 12 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 5 00000000772ad0a5 1 byte [03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 8 00000000772ad0a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryQuotaInformationFile + 8 00000000772ad0b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityAttributesToken + 8 00000000772ad0c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eae18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityObject + 8 00000000772ad0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySemaphore + 8 00000000772ad0e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySymbolicLinkObject + 8 00000000772ad0f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValue + 8 00000000772ad108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValueEx + 8 00000000772ad118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformationEx + 8 00000000772ad128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimerResolution + 8 00000000772ad138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 8 00000000772ad148 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000772ad160 6 bytes [51, 48, B8, 00, 25, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000772ad168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReadOnlyEnlistment + 8 00000000772ad178 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverEnlistment + 8 00000000772ad188 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverResourceManager + 8 00000000772ad198 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverTransactionManager + 8 00000000772ad1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterProtocolAddressInformation + 8 00000000772ad1b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterThreadTerminatePort + 8 00000000772ad1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseKeyedEvent + 8 00000000772ad1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseWorkerFactoryWorker + 8 00000000772ad1e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletionEx + 8 00000000772ad1f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveProcessDebug + 8 00000000772ad208 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey + 8 00000000772ad218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRenameTransactionManager + 8 00000000772ad228 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReplaceKey + 8 00000000772ad238 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReplacePartitionUnit + 8 00000000772ad248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReplyPort + 8 00000000772ad258 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRequestPort + 8 00000000772ad268 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtResetEvent + 8 00000000772ad278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtResetWriteWatch + 8 00000000772ad288 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRestoreKey + 8 00000000772ad298 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess + 8 00000000772ad2a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackComplete + 8 00000000772ad2b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackEnlistment + 8 00000000772ad2c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackTransaction + 8 00000000772ad2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtRollforwardTransactionManager + 8 00000000772ad2e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f0068} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKey + 8 00000000772ad2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKeyEx + 8 00000000772ad308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSaveMergedKeys + 8 00000000772ad318 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSerializeBoot + 8 00000000772ad338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 8 00000000772ad348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 8 00000000772ad358 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000772ad368 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetDebugFilterState + 8 00000000772ad378 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultHardErrorPort + 8 00000000772ad388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultLocale + 8 00000000772ad398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultUILanguage + 8 00000000772ad3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetDriverEntryOrder + 8 00000000772ad3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetEaFile + 8 00000000772ad3c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighEventPair + 8 00000000772ad3d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighWaitLowEventPair + 8 00000000772ad3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationDebugObject + 8 00000000772ad3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationEnlistment + 8 00000000772ad408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1728} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationJobObject + 8 00000000772ad418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationKey + 8 00000000772ad428 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationResourceManager + 8 00000000772ad438 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ead88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationToken + 8 00000000772ad448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransaction + 8 00000000772ad458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransactionManager + 8 00000000772ad468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationWorkerFactory + 8 00000000772ad478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetIntervalProfile + 8 00000000772ad488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletion + 8 00000000772ad498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletionEx + 8 00000000772ad4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetLdtEntries + 8 00000000772ad4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowEventPair + 8 00000000772ad4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowWaitHighEventPair + 8 00000000772ad4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetQuotaInformationFile + 8 00000000772ad4e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eab18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 8 00000000772ad4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValue + 8 00000000772ad508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValueEx + 8 00000000772ad518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000772ad528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 8 00000000772ad538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime + 8 00000000772ad548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetThreadExecutionState + 8 00000000772ad558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerEx + 8 00000000772ad568 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerResolution + 8 00000000772ad578 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetUuidSeed + 8 00000000772ad588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetVolumeInformationFile + 8 00000000772ad598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem + 8 00000000772ad5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownWorkerFactory + 8 00000000772ad5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSignalAndWaitForSingleObject + 8 00000000772ad5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSinglePhaseReject + 8 00000000772ad5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtStartProfile + 8 00000000772ad5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtStopProfile + 8 00000000772ad5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000772ad608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000772ad618 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000772ad628 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert 00000000772ad640 6 bytes [51, 48, B8, E0, 29, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert + 8 00000000772ad648 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtThawRegistry + 8 00000000772ad658 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtThawTransactions + 8 00000000772ad668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtTraceControl + 8 00000000772ad678 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtTranslateFilePath + 8 00000000772ad688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtUmsThreadYield + 8 00000000772ad698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadDriver + 8 00000000772ad6a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey + 8 00000000772ad6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey2 + 8 00000000772ad6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKeyEx + 8 00000000772ad6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockFile + 8 00000000772ad6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockVirtualMemory + 8 00000000772ad6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000772ad708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForDebugEvent + 8 00000000772ad718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForKeyedEvent + 8 00000000772ad728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForWorkViaWorkerFactory + 8 00000000772ad738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWaitHighEventPair + 8 00000000772ad748 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 8 00000000772ad758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWorkerFactoryWorkerReady + 8 00000000772ad768 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!RtlGetFullPathName_UEx 00000000772b0cd0 5 bytes JMP 0000000174c671d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\KERNELBASE.dll!GetVolumeInformationW 000007fefd184f30 6 bytes {JMP QWORD [RIP-0x20064f26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\KERNELBASE.dll!GetFinalPathNameByHandleW 000007fefd189100 6 bytes {JMP QWORD [RIP-0x200690fe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd1b0250 6 bytes {JMP QWORD [RIP-0x20090256]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesW 000007fefeae1460 6 bytes {JMP QWORD [RIP-0x219c13ae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CloseEventLog + 1 000007fefeae9271 5 bytes {JMP QWORD [RIP-0x219c9236]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!QueryServiceStatusEx 000007fefeae9474 6 bytes {JMP QWORD [RIP-0x219c9432]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryW 000007fefeaeab20 6 bytes {JMP QWORD [RIP-0x219ca9ae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!SetSecurityInfo 000007fefeaeb210 6 bytes {JMP QWORD [RIP-0x219cb08e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!GetSecurityInfo 000007fefeaedad0 6 bytes {JMP QWORD [RIP-0x219cd946]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExW 000007fefeaeeb20 6 bytes {JMP QWORD [RIP-0x219ceaae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!ReportEventW 000007fefeaf0050 6 bytes {JMP QWORD [RIP-0x219d001e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!LookupAccountNameW 000007fefeaf0b24 6 bytes {JMP QWORD [RIP-0x219d09c2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceW + 1 000007fefeaf6031 5 bytes {JMP QWORD [RIP-0x219d6016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!DeregisterEventSource 000007fefeafa5a0 6 bytes {JMP QWORD [RIP-0x219da57e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb05548 6 bytes {JMP QWORD [RIP-0x219e546e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameW 000007fefeb056a0 6 bytes {JMP QWORD [RIP-0x219e560e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameW 000007fefeb05770 6 bytes {JMP QWORD [RIP-0x219e56ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceA + 1 000007fefeb07461 5 bytes {JMP QWORD [RIP-0x219e744e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!QueryServiceObjectSecurity 000007fefeb1b2dc 6 bytes {JMP QWORD [RIP-0x219fb222]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2W 000007fefeb1b310 6 bytes {JMP QWORD [RIP-0x219fb2be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2A 000007fefeb1b330 6 bytes {JMP QWORD [RIP-0x219fb2e6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeb1b77c 6 bytes {JMP QWORD [RIP-0x219fb6aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CreateRestrictedToken 000007fefeb1b7fc 6 bytes {JMP QWORD [RIP-0x219fb682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefeb1b8f0 6 bytes {JMP QWORD [RIP-0x219fb806]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefeb1b95c 6 bytes {JMP QWORD [RIP-0x219fb87a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CredRenameA 000007fefeb22d50 6 bytes {JMP QWORD [RIP-0x21a02c16]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!GetEffectiveRightsFromAclW 000007fefeb25b00 6 bytes {JMP QWORD [RIP-0x21a0596e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesA 000007fefeb2d170 6 bytes {JMP QWORD [RIP-0x21a0d0c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExA 000007fefeb2d2e0 6 bytes {JMP QWORD [RIP-0x21a0d276]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusA 000007fefeb2d4e0 6 bytes {JMP QWORD [RIP-0x21a0d486]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusW 000007fefeb2d8e0 6 bytes {JMP QWORD [RIP-0x21a0d87e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!UnlockServiceDatabase 000007fefeb2d930 6 bytes {JMP QWORD [RIP-0x21a0d866]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusW 000007fefeb2d9a0 6 bytes {JMP QWORD [RIP-0x21a0d91e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusA 000007fefeb2dab0 6 bytes {JMP QWORD [RIP-0x21a0da36]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!LockServiceDatabase 000007fefeb2dbc0 6 bytes {JMP QWORD [RIP-0x21a0dafe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameA 000007fefeb2dc40 6 bytes {JMP QWORD [RIP-0x21a0dbb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameA 000007fefeb2dcd0 6 bytes {JMP QWORD [RIP-0x21a0dc36]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CredDeleteW 000007fefeb40910 6 bytes {JMP QWORD [RIP-0x21a207c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CredDeleteA 000007fefeb409d0 6 bytes {JMP QWORD [RIP-0x21a2088e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!ReportEventA 000007fefeb41cc0 6 bytes {JMP QWORD [RIP-0x21a21c96]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryA 000007fefeb4c860 6 bytes {JMP QWORD [RIP-0x21a2c6f6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsW 000007fefeb4d820 6 bytes {JMP QWORD [RIP-0x21a2d6ee]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsA 000007fefeb4d950 6 bytes {JMP QWORD [RIP-0x21a2d826]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsW 000007fefeb4da80 6 bytes {JMP QWORD [RIP-0x21a2d95e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsA 000007fefeb4db60 6 bytes {JMP QWORD [RIP-0x21a2da46]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CredEnumerateW 000007fefeb4dc60 6 bytes {JMP QWORD [RIP-0x21a2db06]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CredEnumerateA 000007fefeb4dd90 6 bytes {JMP QWORD [RIP-0x21a2dc3e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CredReadW 000007fefeb4dec0 6 bytes {JMP QWORD [RIP-0x21a2ddae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CredReadA 000007fefeb4dfd0 6 bytes {JMP QWORD [RIP-0x21a2dec6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CredWriteW 000007fefeb4e0e0 6 bytes {JMP QWORD [RIP-0x21a2dfde]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CredWriteA 000007fefeb4e190 6 bytes {JMP QWORD [RIP-0x21a2e096]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithTokenW 000007fefeb50c80 6 bytes {JMP QWORD [RIP-0x21a30b8e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefebc642c 5 bytes JMP 000007fffeb055e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebc6484 5 bytes JMP 000007fffeaee870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefebc6518 5 bytes JMP 000007fffeafae24 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerW 000007fefebc659c 5 bytes JMP 000007fffeaee858 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatus 000007fefebc6730 5 bytes JMP 000007fffeaf61ac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatusEx 000007fefebc6784 5 bytes JMP 000007fffeae9474 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!StartServiceW 000007fefebc6824 5 bytes JMP 000007fffeae9460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus 000007fefebc687c 5 bytes JMP 000007fffeae8e94 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerA 000007fefebc6aa4 5 bytes JMP 000007fffeafa380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebc6c34 5 bytes JMP 000007fffeafa36c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!StartServiceA 000007fefebc6d00 5 bytes JMP 000007fffeb1b240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!QueryServiceObjectSecurity 000007fefebc6d58 5 bytes JMP 000007fffeb1b2dc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefebc6e00 5 bytes JMP 000007fffeb1b24c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefebc6f2c 5 bytes JMP 000007fffeb1b95c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefebc7220 5 bytes JMP 000007fffeb1b8f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefebc739c 5 bytes JMP 000007fffeb1b9d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefebc7538 5 bytes JMP 000007fffeb1b9c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefebc75e8 5 bytes JMP 000007fffeb1b77c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefebc790c 5 bytes JMP 000007fffeb05548 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefebc7ab4 5 bytes JMP 000007fffeb055d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigA 000007fefebc7b04 5 bytes JMP 000007fffeb1b2fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigW 000007fefebc7c34 5 bytes JMP 000007fffeaeecac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2A 000007fefebc7d78 5 bytes JMP 000007fffeb1b330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2W 000007fefebc8244 5 bytes JMP 000007fffeb1b310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA 000007fefebc99e4 5 bytes JMP 000007fffeb1b234 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW 000007fefebc9ac8 5 bytes JMP 000007fffeae6e4c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW 000007fefebca51c 5 bytes JMP 000007fffeae2c1c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA 000007fefebca530 5 bytes JMP 000007fffeb1b2d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW 000007fefebca5b0 5 bytes JMP 000007fffeae8e60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA 000007fefebca5c4 5 bytes JMP 000007fffeb1b2c4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange 000007fefebcbb28 5 bytes JMP 000007fffeaeda10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA 000007fefebcbb3c 5 bytes JMP 000007fffeb07440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!CreateWindowStationW 00000000771614c0 5 bytes JMP 0000000174c745b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!DdeInitializeW 0000000077164b74 5 bytes JMP 0000000174c72f40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077165350 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!OpenInputDesktop 0000000077166f00 5 bytes JMP 0000000174c75e00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!RegisterDeviceNotificationA 0000000077166fe4 5 bytes JMP 0000000174c6dd50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!UnregisterDeviceNotification 00000000771673b8 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetClassInfoA 0000000077167490 5 bytes JMP 0000000174c717c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetClassInfoExA 00000000771674c8 5 bytes JMP 0000000174c71680 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!EnumDesktopWindows 0000000077167d9c 5 bytes JMP 0000000174c74560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!ActivateKeyboardLayout 00000000771683c0 5 bytes JMP 0000000174c6dad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetParent 0000000077168530 5 bytes JMP 0000000174c75990 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077169bcc 5 bytes JMP 0000000174c78b20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!UnregisterClassA 0000000077169e70 5 bytes JMP 0000000174c71560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!RegisterClassA 0000000077169f68 5 bytes JMP 0000000174c713e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007716a2e0 5 bytes JMP 0000000174c6d510 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!PostMessageA 000000007716a404 5 bytes JMP 0000000174c77de0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!MoveWindow 000000007716aad0 5 bytes JMP 0000000174c6db40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007716b500 5 bytes JMP 0000000174c78f10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!UpdateLayeredWindowIndirect + 368 000000007716b830 5 bytes JMP 0000000174c6da30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetCursor 000000007716c930 5 bytes JMP 0000000174c75b10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!ScreenToClient 000000007716ca58 5 bytes JMP 0000000174c6e9d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!EnumThreadWindows 000000007716ce5c 5 bytes JMP 0000000174c74500 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!IsWindowEnabled 000000007716d15c 5 bytes JMP 0000000174c6e820 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!AttachThreadInput 000000007716d240 5 bytes JMP 0000000174c6ecc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!FindWindowW 000000007716d264 5 bytes JMP 0000000174c749b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007716d2b0 5 bytes JMP 0000000174c779e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SendMessageA 000000007716d338 5 bytes JMP 0000000174c77aa0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007716d440 5 bytes JMP 0000000174c75440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!UnregisterClassW 000000007716d464 5 bytes JMP 0000000174c714e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetForegroundWindow 000000007716d540 5 bytes JMP 0000000174c75c50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetThreadDesktop 000000007716d6d0 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetWindowTextW 000000007716d7a4 5 bytes JMP 0000000174c79bd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!OpenDesktopW 000000007716d870 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!EnumDesktopsW 000000007716d964 5 bytes JMP 0000000174c74570 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007716dc40 5 bytes JMP 0000000174c77db0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007716f874 5 bytes JMP 0000000174c757f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetUserObjectInformationW 000000007716f9c0 5 bytes JMP 0000000174c75e30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007716fac0 5 bytes JMP 0000000174c77ca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000077170810 5 bytes JMP 0000000174c6d2c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!RegisterClassW 00000000771708c0 5 bytes JMP 0000000174c712e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077170b74 5 bytes JMP 0000000174c77a40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!RegisterClassExW 0000000077170e9c 5 bytes JMP 0000000174c710e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetClassInfoExW 0000000077171550 5 bytes JMP 0000000174c715e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetClassInfoW 00000000771716d0 5 bytes JMP 0000000174c71720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!ClientToScreen 00000000771732b8 5 bytes JMP 0000000174c6e940 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetWindowLongW 00000000771733b0 5 bytes JMP 0000000174c78ad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetWindowLongPtrA 00000000771737c0 5 bytes JMP 0000000174c78c40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetWindowPos 0000000077173c50 5 bytes JMP 0000000174c6e4a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetWindow 0000000077174bf4 5 bytes JMP 0000000174c75930 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!EnumChildWindows 0000000077174ce0 5 bytes JMP 0000000174c74490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetIconInfo 0000000077174eec 5 bytes JMP 0000000174c75b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetClassNameW 0000000077174f28 5 bytes JMP 0000000174c71860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetClassLongPtrW 00000000771752a4 5 bytes JMP 0000000174c78cf0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!IsWindowUnicode 0000000077175360 5 bytes JMP 0000000174c6e840 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetWindowLongA 0000000077175408 5 bytes JMP 0000000174c78a90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetShellWindow 00000000771754a0 5 bytes JMP 0000000174c74df0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!EnumWindows 0000000077175e28 5 bytes JMP 0000000174c74480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!MonitorFromWindow 0000000077175f08 5 bytes JMP 0000000174c75ce0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!DispatchMessageA 0000000077176274 5 bytes JMP 0000000174c77170 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetClassLongW 0000000077176458 5 bytes JMP 0000000174c78b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SendMessageW 0000000077176b50 5 bytes JMP 0000000174c77b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetClientRect 0000000077176bc8 5 bytes JMP 0000000174c6ea60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetWindowRect 0000000077176c0c 5 bytes JMP 0000000174c6eb30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!MapWindowPoints 0000000077176cd4 5 bytes JMP 0000000174c6e870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetPropW 0000000077176f50 5 bytes JMP 0000000174c78670 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!RemovePropW 0000000077176fd0 5 bytes JMP 0000000174c78750 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771776c0 5 bytes JMP 0000000174c78e40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!PostMessageW 00000000771776e4 5 bytes JMP 0000000174c77e80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!IsWindow 0000000077177928 5 bytes JMP 0000000174c6e810 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetScrollInfo + 380 0000000077177ec0 5 bytes JMP 0000000174c74310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetWindowLongW 0000000077177f20 5 bytes JMP 0000000174c78a50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetPropW 0000000077178878 5 bytes JMP 0000000174c784d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetParent 00000000771789e4 5 bytes JMP 0000000174c75950 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetWindowInfo 0000000077178b08 5 bytes JMP 0000000174c6ec00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!IsIconic 0000000077178c5c 5 bytes JMP 0000000174c6e850 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!IsZoomed 0000000077178c8c 5 bytes JMP 0000000174c6e860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!IsWindowVisible 0000000077178d24 5 bytes JMP 0000000174c6e830 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetWindowLongPtrW 00000000771796c0 5 bytes JMP 0000000174c78b90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!DispatchMessageW 000000007717991c 5 bytes JMP 0000000174c771a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!AnimateWindow 000000007717bff0 5 bytes JMP 0000000174c6dda0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamW 000000007717ce40 5 bytes JMP 0000000174c73f50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!DialogBoxParamW 000000007717d410 5 bytes JMP 0000000174c74090 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetClipboardData 000000007717e874 5 bytes JMP 0000000174c766c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetPropA 000000007717f4cc 5 bytes JMP 0000000174c785a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771828e4 5 bytes JMP 0000000174c77d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!WaitForInputIdle 0000000077183fa0 5 bytes JMP 0000000174c6de30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW 0000000077184efc 5 bytes JMP 0000000174c73ec0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamW 0000000077184f70 5 bytes JMP 0000000174c73f90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!CloseClipboard 0000000077185a50 5 bytes JMP 0000000174c75f00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!OpenClipboard 0000000077185a70 5 bytes JMP 0000000174c75eb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW 0000000077187468 5 bytes JMP 0000000174c73e20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!CreateDialogParamW 000000007718751c 5 bytes JMP 0000000174c73fd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!FindWindowA 0000000077188270 5 bytes JMP 0000000174c74ab0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077188be0 5 bytes JMP 0000000174c77c60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077188c20 5 bytes JMP 0000000174c75770 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SendInput 0000000077188cd0 5 bytes JMP 0000000174c75d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!FindWindowExW 0000000077188d20 5 bytes JMP 0000000174c74bb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!BlockInput 000000007718ad60 5 bytes JMP 0000000174c75d70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!ClipCursor 000000007718adb0 5 bytes JMP 0000000174c75a00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!UserHandleGrantAccess 000000007718b400 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!EnumDesktopsA 000000007719ffa0 5 bytes JMP 0000000174c74580 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!CreateWindowStationA 00000000771a14c4 5 bytes JMP 0000000174c745d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!OpenDesktopA 00000000771a1724 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetCursorPos 00000000771a1f58 5 bytes JMP 0000000174c75be0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetDoubleClickTime 00000000771a1f70 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SwapMouseButton 00000000771a1fa4 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamA 00000000771a2be4 5 bytes JMP 0000000174c73fb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamA 00000000771a2c0c 5 bytes JMP 0000000174c73f70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!DialogBoxParamA 00000000771a2c34 5 bytes JMP 0000000174c740f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!CreateDialogParamA 00000000771a2cf8 5 bytes JMP 0000000174c74030 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000771b14e0 5 bytes JMP 0000000174c6db00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!EndTask 00000000771b1604 5 bytes JMP 0000000174c6dca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!DdeInitializeA 00000000771b24a8 5 bytes JMP 0000000174c72f80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!MessageBoxW 00000000771d1314 5 bytes JMP 0000000174c6dbb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!MessageBoxExW 00000000771d1394 5 bytes JMP 0000000174c6dc20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetClassNameA 00000000771db394 5 bytes JMP 0000000174c719b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetClassLongPtrA 00000000771dcb6c 5 bytes JMP 0000000174c78d00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetClassLongA 00000000771dcbac 5 bytes JMP 0000000174c78b80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!GetWindowTextA 00000000771dccd0 5 bytes JMP 0000000174c79c00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!RegisterClassExA 00000000771dd670 5 bytes JMP 0000000174c711e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!FindWindowExA 00000000771ddae0 5 bytes JMP 0000000174c74cd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!RemovePropA 00000000771dde90 5 bytes JMP 0000000174c787b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\USER32.dll!SetPropA 00000000771ddf94 5 bytes JMP 0000000174c786e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExW 000007fefea28724 6 bytes {JMP QWORD [RIP-0x21908542]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\GDI32.dll!GdiAddFontResourceW 000007fefea2a074 6 bytes {JMP QWORD [RIP-0x21909eba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\GDI32.dll!GdiDllInitialize 000007fefea2ae78 6 bytes {JMP QWORD [RIP-0x2190acc6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\GDI32.dll!RemoveFontResourceExW 000007fefea34784 6 bytes {JMP QWORD [RIP-0x219145c2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\GDI32.dll!GetFontResourceInfoW + 1 000007fefea34845 5 bytes {JMP QWORD [RIP-0x2191467a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExA 000007fefea491f0 6 bytes {JMP QWORD [RIP-0x21929016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\GDI32.dll!CreateScalableFontResourceW + 1 000007fefea49f4d 5 bytes {JMP QWORD [RIP-0x21929d7a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateSessionsW 000007fefaed1430 6 bytes {JMP QWORD [RIP-0x1ddb123e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\WTSAPI32.dll!WTSQueryUserToken 000007fefaed18f0 6 bytes {JMP QWORD [RIP-0x1ddb1706]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotification 000007fefaed1d00 6 bytes {JMP QWORD [RIP-0x1ddb1afe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotification + 1 000007fefaed1e31 5 bytes {JMP QWORD [RIP-0x1ddb1c1e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotificationEx 000007fefaed5030 6 bytes {JMP QWORD [RIP-0x1ddb4e26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotificationEx 000007fefaed50b4 6 bytes {JMP QWORD [RIP-0x1ddb4e9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateProcessesW 000007fefaed54b0 6 bytes {JMP QWORD [RIP-0x1ddb52b6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\IMM32.DLL!ImmAssociateContext 000007fefeab1750 6 bytes {JMP QWORD [RIP-0x2199152e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\IMM32.DLL!ImmAssociateContextEx 000007fefeab8240 6 bytes {JMP QWORD [RIP-0x21998016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\WINNSI.DLL!NsiRpcRegisterChangeNotification 000007fefad21910 6 bytes {JMP QWORD [RIP-0x1dc0162e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd8845c1 5 bytes {JMP QWORD [RIP-0x207642ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\WS2_32.dll!WSANSPIoctl 000007fefd8a44c0 6 bytes {JMP QWORD [RIP-0x207841d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd8ae0f0 6 bytes {JMP QWORD [RIP-0x2078ddf6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\CRYPT32.dll!CertGetCertificateChain 000007fefd260ba0 6 bytes {JMP QWORD [RIP-0x2014088e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\CRYPT32.dll!CryptUnprotectData + 1 000007fefd2791b9 5 bytes {JMP QWORD [RIP-0x20158eae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\CRYPT32.dll!CryptProtectData 000007fefd2796d4 6 bytes {JMP QWORD [RIP-0x201593d2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772822f0 5 bytes JMP 0000000174c883b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077286290 5 bytes JMP 0000000174c882f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk 000000007728a430 5 bytes JMP 0000000100030880 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077295140 5 bytes JMP 0000000174c8d350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentDirectory_U 00000000772a5d20 5 bytes JMP 0000000174c66cc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentDirectory_U 00000000772a6050 5 bytes JMP 0000000174c66f30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!LdrQueryImageFileExecutionOptions 00000000772a66e0 5 bytes JMP 0000000174c88470 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter 00000000772abe60 6 bytes [51, 48, B8, 00, 12, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter + 8 00000000772abe68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForSingleObject + 8 00000000772abe78 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 00000000772abe90 6 bytes JMP 0000000174c5d910 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 00000000772abe98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba1e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 8 00000000772abea8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b1b88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000772abeb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletion + 8 00000000772abec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseSemaphore + 8 00000000772abed8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 8 00000000772abee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort + 8 00000000772abef8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772abf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent 00000000772abf10 6 bytes [51, 48, B8, B0, 12, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent + 8 00000000772abf18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf418} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dea08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 8 00000000772abf38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bee18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationFile + 8 00000000772abf48 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db028} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000772abf58 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey + 8 00000000772abf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtFindAtom + 8 00000000772abf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultLocale + 8 00000000772abf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryKey + 8 00000000772abf98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey + 8 00000000772abfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 8 00000000772abfb8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1fc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess + 8 00000000772abfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects32 + 8 00000000772abfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather + 8 00000000772abfe8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1f78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000772abff8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9ee8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000772ac008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 8 00000000772ac018 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf6f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 8 00000000772ac028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseMutant + 8 00000000772ac038 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec0c8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 00000000772ac048 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfcd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 8 00000000772ac058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9deb38} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory + 8 00000000772ac068 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772ac078 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000772ac080 6 bytes [51, 48, B8, 20, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 8 00000000772ac088 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772ac098 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772ac0a0 7 bytes [48, B8, C4, BF, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772ac0a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772ac0b0 7 bytes [48, B8, D0, BD, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000772ac0b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm 00000000772ac0c0 6 bytes [51, 48, B8, 60, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm + 8 00000000772ac0c8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772ac0d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772ac0e0 6 bytes [51, 48, B8, 80, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 8 00000000772ac0e8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority 00000000772ac100 6 bytes [51, 48, B8, A0, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority + 8 00000000772ac108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter + 8 00000000772ac118 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772ac128 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000772ac130 7 bytes [48, B8, 00, BF, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772ac138 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter 00000000772ac140 6 bytes [51, 48, B8, E0, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter + 8 00000000772ac148 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da228} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey + 8 00000000772ac158 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772ac168 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution 00000000772ac170 6 bytes [51, 48, B8, 10, 15, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution + 8 00000000772ac178 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba0d8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8 00000000772ac188 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformation + 8 00000000772ac198 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d25b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000772ac1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimer + 8 00000000772ac1b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bc838} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 8 00000000772ac1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000772ac1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCloseObjectAuditAlarm + 8 00000000772ac1e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000772ac1f8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772ac208 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent 00000000772ac210 6 bytes [51, 48, B8, B0, 15, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent + 8 00000000772ac218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 8 00000000772ac228 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1b08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000772ac238 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ebfb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 00000000772ac248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateToken + 8 00000000772ac258 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage 00000000772ac270 6 bytes [51, 48, B8, 10, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage + 8 00000000772ac278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000772ac288 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom 00000000772ac2a0 6 bytes [51, 48, B8, 40, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom + 8 00000000772ac2a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d18b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000772ac2b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bcbc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVolumeInformationFile + 8 00000000772ac2c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d2238} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000772ac2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile + 8 00000000772ac2e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtApphelpCacheControl + 8 00000000772ac2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000772ac308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000772ac318 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtIsProcessInJob + 8 00000000772ac328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 00000000772ac338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySection + 8 00000000772ac348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8 00000000772ac358 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData 00000000772ac370 6 bytes [51, 48, B8, 10, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData + 8 00000000772ac378 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent 00000000772ac390 6 bytes [51, 48, B8, 30, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent + 8 00000000772ac398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteRequestData + 8 00000000772ac3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000772ac3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + 8 00000000772ac3c8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects 00000000772ac3e0 6 bytes [51, 48, B8, 80, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects + 8 00000000772ac3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationObject + 8 00000000772ac3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFile + 8 00000000772ac408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2318} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtTraceEvent + 8 00000000772ac418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtPowerInformation + 8 00000000772ac428 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d88e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000772ac438 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCancelTimer + 8 00000000772ac448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimer + 8 00000000772ac458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAcceptConnectPort + 8 00000000772ac468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheck + 8 00000000772ac478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType + 8 00000000772ac488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultList + 8 00000000772ac498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm + 8 00000000772ac4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 8 00000000772ac4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 8 00000000772ac4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAddDriverEntry + 8 00000000772ac4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustGroupsToken + 8 00000000772ac4e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlertResumeThread + 8 00000000772ac4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlertThread + 8 00000000772ac508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateLocallyUniqueId + 8 00000000772ac518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateReserveObject + 8 00000000772ac528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUserPhysicalPages + 8 00000000772ac538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUuids + 8 00000000772ac548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCancelMessage + 8 00000000772ac568 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0de8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0c68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePortSection + 8 00000000772ac598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateResourceReserve + 8 00000000772ac5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSectionView + 8 00000000772ac5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSecurityContext + 8 00000000772ac5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeletePortSection + 8 00000000772ac5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteResourceReserve + 8 00000000772ac5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSectionView + 8 00000000772ac5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSecurityContext + 8 00000000772ac608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDisconnectPort + 8 00000000772ac618 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf118} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort + 8 00000000772ac628 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderProcess + 8 00000000772ac638 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderThread + 8 00000000772ac648 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformation + 8 00000000772ac658 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformationMessage + 8 00000000772ac668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcRevokeSecurityContext + 8 00000000772ac678 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf878} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSetInformation + 8 00000000772ac698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAreMappedFilesTheSame + 8 00000000772ac6a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 8 00000000772ac6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFileEx + 8 00000000772ac6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCancelSynchronousIoFile + 8 00000000772ac6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCommitComplete + 8 00000000772ac6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCommitEnlistment + 8 00000000772ac6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCommitTransaction + 8 00000000772ac708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCompactKeys + 8 00000000772ac718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCompareTokens + 8 00000000772ac728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCompleteConnectPort + 8 00000000772ac738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCompressKey + 8 00000000772ac748 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0538} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDebugObject + 8 00000000772ac768 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDirectoryObject + 8 00000000772ac778 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEnlistment + 8 00000000772ac788 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 8 00000000772ac798 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000772ac7a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2078} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobObject + 8 00000000772ac7b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobSet + 8 00000000772ac7c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyTransacted + 8 00000000772ac7d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000772ac7e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9388} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMailslotFile + 8 00000000772ac7f8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d16a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000772ac808 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9528} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000772ac818 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePagingFile + 8 00000000772ac828 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000772ac832 4 bytes {JMP 0xfffffffffd9d0290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 8 00000000772ac838 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePrivateNamespace + 8 00000000772ac848 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000772ac858 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfile + 8 00000000772ac868 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfileEx + 8 00000000772ac878 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateResourceManager + 8 00000000772ac888 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1938} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000772ac898 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 8 00000000772ac8a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000772ac8b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000772ac8c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateToken + 8 00000000772ac8d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransaction + 8 00000000772ac8e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransactionManager + 8 00000000772ac8f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 8 00000000772ac908 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort + 8 00000000772ac918 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWorkerFactory + 8 00000000772ac928 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 8 00000000772ac938 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugContinue + 8 00000000772ac948 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteAtom + 8 00000000772ac958 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 8 00000000772ac968 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteDriverEntry + 8 00000000772ac978 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bef58} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000772ac988 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daa68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 00000000772ac998 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteObjectAuditAlarm + 8 00000000772ac9a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDeletePrivateNamespace + 8 00000000772ac9b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 00000000772ac9c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDisableLastKnownGood + 8 00000000772ac9d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDisplayString + 8 00000000772ac9e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDrawText + 8 00000000772ac9f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtEnableLastKnownGood + 8 00000000772aca08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateBootEntries + 8 00000000772aca18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateDriverEntries + 8 00000000772aca28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + 8 00000000772aca38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateTransactionObject + 8 00000000772aca48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtExtendSection + 8 00000000772aca58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtFilterToken + 8 00000000772aca68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstallUILanguage + 8 00000000772aca78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstructionCache + 8 00000000772aca88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtFlushKey + 8 00000000772aca98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtFlushProcessWriteBuffers + 8 00000000772acaa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtFlushVirtualMemory + 8 00000000772acab8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtFlushWriteBuffer + 8 00000000772acac8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtFreeUserPhysicalPages + 8 00000000772acad8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeRegistry + 8 00000000772acae8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeTransactions + 8 00000000772acaf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 8 00000000772acb08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtGetCurrentProcessorNumber + 8 00000000772acb18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtGetDevicePowerState + 8 00000000772acb28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtGetMUIRegistryInfo + 8 00000000772acb38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 8 00000000772acb48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 8 00000000772acb58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtGetNlsSectionPtr + 8 00000000772acb68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtGetNotificationResourceManager + 8 00000000772acb78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtGetPlugPlayEvent + 8 00000000772acb88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtGetWriteWatch + 8 00000000772acb98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateAnonymousToken + 8 00000000772acba8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebf8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateThread + 8 00000000772acbb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeNlsFiles + 8 00000000772acbc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeRegistry + 8 00000000772acbd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtInitiatePowerAction + 8 00000000772acbe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtIsSystemResumeAutomatic + 8 00000000772acbf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtIsUILanguageComitted + 8 00000000772acc08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtListenPort + 8 00000000772acc18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dbc78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000772acc28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d76a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey + 8 00000000772acc38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey2 + 8 00000000772acc48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKeyEx + 8 00000000772acc58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtLockFile + 8 00000000772acc68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtLockProductActivationKeys + 8 00000000772acc78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtLockRegistryKey + 8 00000000772acc88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtLockVirtualMemory + 8 00000000772acc98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtMakePermanentObject + 8 00000000772acca8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject + 8 00000000772accb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtMapCMFModule + 8 00000000772accc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPages + 8 00000000772accd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 8 00000000772acce8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyDriverEntry + 8 00000000772accf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeDirectoryFile + 8 00000000772acd08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d81b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 8 00000000772acd18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 8 00000000772acd28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeSession + 8 00000000772acd38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEnlistment + 8 00000000772acd48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair + 8 00000000772acd58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000772acd68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenJobObject + 8 00000000772acd78 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9138} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000772acd88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransacted + 8 00000000772acd98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransactedEx + 8 00000000772acda8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000772acdb8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 2 00000000772acdc2 4 bytes {JMP 0xfffffffffd9d1290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000772acdc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenObjectAuditAlarm + 8 00000000772acdd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenPrivateNamespace + 8 00000000772acde8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772acdf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager 00000000772ace00 6 bytes [51, 48, B8, A0, 21, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager + 8 00000000772ace08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1588} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000772ace18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSession + 8 00000000772ace28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000772ace38 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772ace48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ace50 6 bytes [51, 48, B8, F0, 21, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000772ace58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransaction + 8 00000000772ace68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransactionManager + 8 00000000772ace78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtPlugPlayControl + 8 00000000772ace88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareComplete + 8 00000000772ace98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareEnlistment + 8 00000000772acea8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareComplete + 8 00000000772aceb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareEnlistment + 8 00000000772acec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeCheck + 8 00000000772aced8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeObjectAuditAlarm + 8 00000000772acee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegedServiceAuditAlarm + 8 00000000772acef8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationComplete + 8 00000000772acf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationFailed + 8 00000000772acf18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtPulseEvent + 8 00000000772acf28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootEntryOrder + 8 00000000772acf38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootOptions + 8 00000000772acf48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDebugFilterState + 8 00000000772acf58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryObject + 8 00000000772acf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDriverEntryOrder + 8 00000000772acf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEaFile + 8 00000000772acf88 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772acf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom 00000000772acfa0 6 bytes [51, 48, B8, 40, 23, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom + 8 00000000772acfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationEnlistment + 8 00000000772acfb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationJobObject + 8 00000000772acfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationPort + 8 00000000772acfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationResourceManager + 8 00000000772acfe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransaction + 8 00000000772acff8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransactionManager + 8 00000000772ad008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationWorkerFactory + 8 00000000772ad018 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInstallUILanguage + 8 00000000772ad028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIntervalProfile + 8 00000000772ad038 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIoCompletion + 8 00000000772ad048 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue + 8 00000000772ad058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9c88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 8 00000000772ad068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMutant + 8 00000000772ad078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeys + 8 00000000772ad088 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeysEx + 8 00000000772ad098 12 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 5 00000000772ad0a5 1 byte [03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 8 00000000772ad0a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryQuotaInformationFile + 8 00000000772ad0b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityAttributesToken + 8 00000000772ad0c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eae18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityObject + 8 00000000772ad0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySemaphore + 8 00000000772ad0e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySymbolicLinkObject + 8 00000000772ad0f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValue + 8 00000000772ad108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValueEx + 8 00000000772ad118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformationEx + 8 00000000772ad128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimerResolution + 8 00000000772ad138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 8 00000000772ad148 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000772ad160 6 bytes [51, 48, B8, 00, 25, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000772ad168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReadOnlyEnlistment + 8 00000000772ad178 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverEnlistment + 8 00000000772ad188 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverResourceManager + 8 00000000772ad198 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverTransactionManager + 8 00000000772ad1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterProtocolAddressInformation + 8 00000000772ad1b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterThreadTerminatePort + 8 00000000772ad1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseKeyedEvent + 8 00000000772ad1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseWorkerFactoryWorker + 8 00000000772ad1e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletionEx + 8 00000000772ad1f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveProcessDebug + 8 00000000772ad208 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey + 8 00000000772ad218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRenameTransactionManager + 8 00000000772ad228 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReplaceKey + 8 00000000772ad238 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReplacePartitionUnit + 8 00000000772ad248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReplyPort + 8 00000000772ad258 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRequestPort + 8 00000000772ad268 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtResetEvent + 8 00000000772ad278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtResetWriteWatch + 8 00000000772ad288 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRestoreKey + 8 00000000772ad298 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess + 8 00000000772ad2a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackComplete + 8 00000000772ad2b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackEnlistment + 8 00000000772ad2c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackTransaction + 8 00000000772ad2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtRollforwardTransactionManager + 8 00000000772ad2e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f0068} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKey + 8 00000000772ad2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKeyEx + 8 00000000772ad308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSaveMergedKeys + 8 00000000772ad318 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSerializeBoot + 8 00000000772ad338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 8 00000000772ad348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 8 00000000772ad358 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000772ad368 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetDebugFilterState + 8 00000000772ad378 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultHardErrorPort + 8 00000000772ad388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultLocale + 8 00000000772ad398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultUILanguage + 8 00000000772ad3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetDriverEntryOrder + 8 00000000772ad3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetEaFile + 8 00000000772ad3c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighEventPair + 8 00000000772ad3d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighWaitLowEventPair + 8 00000000772ad3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationDebugObject + 8 00000000772ad3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationEnlistment + 8 00000000772ad408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1728} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationJobObject + 8 00000000772ad418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationKey + 8 00000000772ad428 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationResourceManager + 8 00000000772ad438 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ead88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationToken + 8 00000000772ad448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransaction + 8 00000000772ad458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransactionManager + 8 00000000772ad468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationWorkerFactory + 8 00000000772ad478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetIntervalProfile + 8 00000000772ad488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletion + 8 00000000772ad498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletionEx + 8 00000000772ad4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetLdtEntries + 8 00000000772ad4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowEventPair + 8 00000000772ad4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowWaitHighEventPair + 8 00000000772ad4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetQuotaInformationFile + 8 00000000772ad4e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eab18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 8 00000000772ad4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValue + 8 00000000772ad508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValueEx + 8 00000000772ad518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000772ad528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 8 00000000772ad538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime + 8 00000000772ad548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetThreadExecutionState + 8 00000000772ad558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerEx + 8 00000000772ad568 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerResolution + 8 00000000772ad578 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetUuidSeed + 8 00000000772ad588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetVolumeInformationFile + 8 00000000772ad598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem + 8 00000000772ad5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownWorkerFactory + 8 00000000772ad5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSignalAndWaitForSingleObject + 8 00000000772ad5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSinglePhaseReject + 8 00000000772ad5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtStartProfile + 8 00000000772ad5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtStopProfile + 8 00000000772ad5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000772ad608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000772ad618 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000772ad628 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert 00000000772ad640 6 bytes [51, 48, B8, E0, 29, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert + 8 00000000772ad648 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtThawRegistry + 8 00000000772ad658 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtThawTransactions + 8 00000000772ad668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtTraceControl + 8 00000000772ad678 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtTranslateFilePath + 8 00000000772ad688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtUmsThreadYield + 8 00000000772ad698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadDriver + 8 00000000772ad6a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey + 8 00000000772ad6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey2 + 8 00000000772ad6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKeyEx + 8 00000000772ad6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockFile + 8 00000000772ad6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockVirtualMemory + 8 00000000772ad6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000772ad708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForDebugEvent + 8 00000000772ad718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForKeyedEvent + 8 00000000772ad728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForWorkViaWorkerFactory + 8 00000000772ad738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWaitHighEventPair + 8 00000000772ad748 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 8 00000000772ad758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWorkerFactoryWorkerReady + 8 00000000772ad768 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!RtlGetFullPathName_UEx 00000000772b0cd0 5 bytes JMP 0000000174c671d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\KERNELBASE.dll!GetVolumeInformationW 000007fefd184f30 6 bytes {JMP QWORD [RIP-0x20064f26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\KERNELBASE.dll!GetFinalPathNameByHandleW 000007fefd189100 6 bytes {JMP QWORD [RIP-0x200690fe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd1b0250 6 bytes {JMP QWORD [RIP-0x20090256]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesW 000007fefeae1460 6 bytes {JMP QWORD [RIP-0x219c13ae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CloseEventLog + 1 000007fefeae9271 5 bytes {JMP QWORD [RIP-0x219c9236]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!QueryServiceStatusEx 000007fefeae9474 6 bytes {JMP QWORD [RIP-0x219c9432]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryW 000007fefeaeab20 6 bytes {JMP QWORD [RIP-0x219ca9ae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!SetSecurityInfo 000007fefeaeb210 6 bytes {JMP QWORD [RIP-0x219cb08e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!GetSecurityInfo 000007fefeaedad0 6 bytes {JMP QWORD [RIP-0x219cd946]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExW 000007fefeaeeb20 6 bytes {JMP QWORD [RIP-0x219ceaae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!ReportEventW 000007fefeaf0050 6 bytes {JMP QWORD [RIP-0x219d001e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!LookupAccountNameW 000007fefeaf0b24 6 bytes {JMP QWORD [RIP-0x219d09c2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceW + 1 000007fefeaf6031 5 bytes {JMP QWORD [RIP-0x219d6016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!DeregisterEventSource 000007fefeafa5a0 6 bytes {JMP QWORD [RIP-0x219da57e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb05548 6 bytes {JMP QWORD [RIP-0x219e546e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameW 000007fefeb056a0 6 bytes {JMP QWORD [RIP-0x219e560e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameW 000007fefeb05770 6 bytes {JMP QWORD [RIP-0x219e56ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceA + 1 000007fefeb07461 5 bytes {JMP QWORD [RIP-0x219e744e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!QueryServiceObjectSecurity 000007fefeb1b2dc 6 bytes {JMP QWORD [RIP-0x219fb222]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2W 000007fefeb1b310 6 bytes {JMP QWORD [RIP-0x219fb2be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2A 000007fefeb1b330 6 bytes {JMP QWORD [RIP-0x219fb2e6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeb1b77c 6 bytes {JMP QWORD [RIP-0x219fb6aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CreateRestrictedToken 000007fefeb1b7fc 6 bytes {JMP QWORD [RIP-0x219fb682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefeb1b8f0 6 bytes {JMP QWORD [RIP-0x219fb806]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefeb1b95c 6 bytes {JMP QWORD [RIP-0x219fb87a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CredRenameA 000007fefeb22d50 6 bytes {JMP QWORD [RIP-0x21a02c16]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!GetEffectiveRightsFromAclW 000007fefeb25b00 6 bytes {JMP QWORD [RIP-0x21a0596e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesA 000007fefeb2d170 6 bytes {JMP QWORD [RIP-0x21a0d0c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExA 000007fefeb2d2e0 6 bytes {JMP QWORD [RIP-0x21a0d276]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusA 000007fefeb2d4e0 6 bytes {JMP QWORD [RIP-0x21a0d486]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusW 000007fefeb2d8e0 6 bytes {JMP QWORD [RIP-0x21a0d87e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!UnlockServiceDatabase 000007fefeb2d930 6 bytes {JMP QWORD [RIP-0x21a0d866]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusW 000007fefeb2d9a0 6 bytes {JMP QWORD [RIP-0x21a0d91e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusA 000007fefeb2dab0 6 bytes {JMP QWORD [RIP-0x21a0da36]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!LockServiceDatabase 000007fefeb2dbc0 6 bytes {JMP QWORD [RIP-0x21a0dafe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameA 000007fefeb2dc40 6 bytes {JMP QWORD [RIP-0x21a0dbb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameA 000007fefeb2dcd0 6 bytes {JMP QWORD [RIP-0x21a0dc36]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CredDeleteW 000007fefeb40910 6 bytes {JMP QWORD [RIP-0x21a207c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CredDeleteA 000007fefeb409d0 6 bytes {JMP QWORD [RIP-0x21a2088e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!ReportEventA 000007fefeb41cc0 6 bytes {JMP QWORD [RIP-0x21a21c96]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryA 000007fefeb4c860 6 bytes {JMP QWORD [RIP-0x21a2c6f6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsW 000007fefeb4d820 6 bytes {JMP QWORD [RIP-0x21a2d6ee]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsA 000007fefeb4d950 6 bytes {JMP QWORD [RIP-0x21a2d826]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsW 000007fefeb4da80 6 bytes {JMP QWORD [RIP-0x21a2d95e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsA 000007fefeb4db60 6 bytes {JMP QWORD [RIP-0x21a2da46]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CredEnumerateW 000007fefeb4dc60 6 bytes {JMP QWORD [RIP-0x21a2db06]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CredEnumerateA 000007fefeb4dd90 6 bytes {JMP QWORD [RIP-0x21a2dc3e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CredReadW 000007fefeb4dec0 6 bytes {JMP QWORD [RIP-0x21a2ddae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CredReadA 000007fefeb4dfd0 6 bytes {JMP QWORD [RIP-0x21a2dec6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CredWriteW 000007fefeb4e0e0 6 bytes {JMP QWORD [RIP-0x21a2dfde]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CredWriteA 000007fefeb4e190 6 bytes {JMP QWORD [RIP-0x21a2e096]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithTokenW 000007fefeb50c80 6 bytes {JMP QWORD [RIP-0x21a30b8e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefebc642c 5 bytes JMP 000007fffeb055e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebc6484 5 bytes JMP 000007fffeaee870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefebc6518 5 bytes JMP 000007fffeafae24 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerW 000007fefebc659c 5 bytes JMP 000007fffeaee858 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatus 000007fefebc6730 5 bytes JMP 000007fffeaf61ac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatusEx 000007fefebc6784 5 bytes JMP 000007fffeae9474 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!StartServiceW 000007fefebc6824 5 bytes JMP 000007fffeae9460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus 000007fefebc687c 5 bytes JMP 000007fffeae8e94 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerA 000007fefebc6aa4 5 bytes JMP 000007fffeafa380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebc6c34 5 bytes JMP 000007fffeafa36c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!StartServiceA 000007fefebc6d00 5 bytes JMP 000007fffeb1b240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!QueryServiceObjectSecurity 000007fefebc6d58 5 bytes JMP 000007fffeb1b2dc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefebc6e00 5 bytes JMP 000007fffeb1b24c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefebc6f2c 5 bytes JMP 000007fffeb1b95c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefebc7220 5 bytes JMP 000007fffeb1b8f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefebc739c 5 bytes JMP 000007fffeb1b9d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefebc7538 5 bytes JMP 000007fffeb1b9c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefebc75e8 5 bytes JMP 000007fffeb1b77c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefebc790c 5 bytes JMP 000007fffeb05548 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefebc7ab4 5 bytes JMP 000007fffeb055d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigA 000007fefebc7b04 5 bytes JMP 000007fffeb1b2fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigW 000007fefebc7c34 5 bytes JMP 000007fffeaeecac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2A 000007fefebc7d78 5 bytes JMP 000007fffeb1b330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2W 000007fefebc8244 5 bytes JMP 000007fffeb1b310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA 000007fefebc99e4 5 bytes JMP 000007fffeb1b234 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW 000007fefebc9ac8 5 bytes JMP 000007fffeae6e4c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW 000007fefebca51c 5 bytes JMP 000007fffeae2c1c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA 000007fefebca530 5 bytes JMP 000007fffeb1b2d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW 000007fefebca5b0 5 bytes JMP 000007fffeae8e60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA 000007fefebca5c4 5 bytes JMP 000007fffeb1b2c4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange 000007fefebcbb28 5 bytes JMP 000007fffeaeda10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA 000007fefebcbb3c 5 bytes JMP 000007fffeb07440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!CreateWindowStationW 00000000771614c0 5 bytes JMP 0000000174c745b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!DdeInitializeW 0000000077164b74 5 bytes JMP 0000000174c72f40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077165350 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!OpenInputDesktop 0000000077166f00 5 bytes JMP 0000000174c75e00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!RegisterDeviceNotificationA 0000000077166fe4 5 bytes JMP 0000000174c6dd50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!UnregisterDeviceNotification 00000000771673b8 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetClassInfoA 0000000077167490 5 bytes JMP 0000000174c717c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetClassInfoExA 00000000771674c8 5 bytes JMP 0000000174c71680 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!EnumDesktopWindows 0000000077167d9c 5 bytes JMP 0000000174c74560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!ActivateKeyboardLayout 00000000771683c0 5 bytes JMP 0000000174c6dad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetParent 0000000077168530 5 bytes JMP 0000000174c75990 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077169bcc 5 bytes JMP 0000000174c78b20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!UnregisterClassA 0000000077169e70 5 bytes JMP 0000000174c71560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!RegisterClassA 0000000077169f68 5 bytes JMP 0000000174c713e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007716a2e0 5 bytes JMP 0000000174c6d510 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!PostMessageA 000000007716a404 5 bytes JMP 0000000174c77de0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!MoveWindow 000000007716aad0 5 bytes JMP 0000000174c6db40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007716b500 5 bytes JMP 0000000174c78f10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!UpdateLayeredWindowIndirect + 368 000000007716b830 5 bytes JMP 0000000174c6da30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetCursor 000000007716c930 5 bytes JMP 0000000174c75b10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!ScreenToClient 000000007716ca58 5 bytes JMP 0000000174c6e9d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!EnumThreadWindows 000000007716ce5c 5 bytes JMP 0000000174c74500 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!IsWindowEnabled 000000007716d15c 5 bytes JMP 0000000174c6e820 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!AttachThreadInput 000000007716d240 5 bytes JMP 0000000174c6ecc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!FindWindowW 000000007716d264 5 bytes JMP 0000000174c749b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007716d2b0 5 bytes JMP 0000000174c779e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SendMessageA 000000007716d338 5 bytes JMP 0000000174c77aa0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007716d440 5 bytes JMP 0000000174c75440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!UnregisterClassW 000000007716d464 5 bytes JMP 0000000174c714e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetForegroundWindow 000000007716d540 5 bytes JMP 0000000174c75c50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetThreadDesktop 000000007716d6d0 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetWindowTextW 000000007716d7a4 5 bytes JMP 0000000174c79bd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!OpenDesktopW 000000007716d870 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!EnumDesktopsW 000000007716d964 5 bytes JMP 0000000174c74570 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007716dc40 5 bytes JMP 0000000174c77db0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007716f874 5 bytes JMP 0000000174c757f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetUserObjectInformationW 000000007716f9c0 5 bytes JMP 0000000174c75e30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007716fac0 5 bytes JMP 0000000174c77ca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000077170810 5 bytes JMP 0000000174c6d2c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!RegisterClassW 00000000771708c0 5 bytes JMP 0000000174c712e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077170b74 5 bytes JMP 0000000174c77a40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!RegisterClassExW 0000000077170e9c 5 bytes JMP 0000000174c710e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetClassInfoExW 0000000077171550 5 bytes JMP 0000000174c715e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetClassInfoW 00000000771716d0 5 bytes JMP 0000000174c71720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!ClientToScreen 00000000771732b8 5 bytes JMP 0000000174c6e940 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetWindowLongW 00000000771733b0 5 bytes JMP 0000000174c78ad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetWindowLongPtrA 00000000771737c0 5 bytes JMP 0000000174c78c40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetWindowPos 0000000077173c50 5 bytes JMP 0000000174c6e4a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetWindow 0000000077174bf4 5 bytes JMP 0000000174c75930 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!EnumChildWindows 0000000077174ce0 5 bytes JMP 0000000174c74490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetIconInfo 0000000077174eec 5 bytes JMP 0000000174c75b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetClassNameW 0000000077174f28 5 bytes JMP 0000000174c71860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetClassLongPtrW 00000000771752a4 5 bytes JMP 0000000174c78cf0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!IsWindowUnicode 0000000077175360 5 bytes JMP 0000000174c6e840 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetWindowLongA 0000000077175408 5 bytes JMP 0000000174c78a90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetShellWindow 00000000771754a0 5 bytes JMP 0000000174c74df0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!EnumWindows 0000000077175e28 5 bytes JMP 0000000174c74480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!MonitorFromWindow 0000000077175f08 5 bytes JMP 0000000174c75ce0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!DispatchMessageA 0000000077176274 5 bytes JMP 0000000174c77170 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetClassLongW 0000000077176458 5 bytes JMP 0000000174c78b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SendMessageW 0000000077176b50 5 bytes JMP 0000000174c77b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetClientRect 0000000077176bc8 5 bytes JMP 0000000174c6ea60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetWindowRect 0000000077176c0c 5 bytes JMP 0000000174c6eb30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!MapWindowPoints 0000000077176cd4 5 bytes JMP 0000000174c6e870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetPropW 0000000077176f50 5 bytes JMP 0000000174c78670 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!RemovePropW 0000000077176fd0 5 bytes JMP 0000000174c78750 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771776c0 5 bytes JMP 0000000174c78e40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!PostMessageW 00000000771776e4 5 bytes JMP 0000000174c77e80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!IsWindow 0000000077177928 5 bytes JMP 0000000174c6e810 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetScrollInfo + 380 0000000077177ec0 5 bytes JMP 0000000174c74310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetWindowLongW 0000000077177f20 5 bytes JMP 0000000174c78a50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetPropW 0000000077178878 5 bytes JMP 0000000174c784d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetParent 00000000771789e4 5 bytes JMP 0000000174c75950 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetWindowInfo 0000000077178b08 5 bytes JMP 0000000174c6ec00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!IsIconic 0000000077178c5c 5 bytes JMP 0000000174c6e850 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!IsZoomed 0000000077178c8c 5 bytes JMP 0000000174c6e860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!IsWindowVisible 0000000077178d24 5 bytes JMP 0000000174c6e830 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetWindowLongPtrW 00000000771796c0 5 bytes JMP 0000000174c78b90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!DispatchMessageW 000000007717991c 5 bytes JMP 0000000174c771a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!AnimateWindow 000000007717bff0 5 bytes JMP 0000000174c6dda0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamW 000000007717ce40 5 bytes JMP 0000000174c73f50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!DialogBoxParamW 000000007717d410 5 bytes JMP 0000000174c74090 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetClipboardData 000000007717e874 5 bytes JMP 0000000174c766c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetPropA 000000007717f4cc 5 bytes JMP 0000000174c785a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771828e4 5 bytes JMP 0000000174c77d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!WaitForInputIdle 0000000077183fa0 5 bytes JMP 0000000174c6de30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW 0000000077184efc 5 bytes JMP 0000000174c73ec0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamW 0000000077184f70 5 bytes JMP 0000000174c73f90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!CloseClipboard 0000000077185a50 5 bytes JMP 0000000174c75f00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!OpenClipboard 0000000077185a70 5 bytes JMP 0000000174c75eb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW 0000000077187468 5 bytes JMP 0000000174c73e20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!CreateDialogParamW 000000007718751c 5 bytes JMP 0000000174c73fd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!FindWindowA 0000000077188270 5 bytes JMP 0000000174c74ab0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077188be0 5 bytes JMP 0000000174c77c60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077188c20 5 bytes JMP 0000000174c75770 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SendInput 0000000077188cd0 5 bytes JMP 0000000174c75d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!FindWindowExW 0000000077188d20 5 bytes JMP 0000000174c74bb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!BlockInput 000000007718ad60 5 bytes JMP 0000000174c75d70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!ClipCursor 000000007718adb0 5 bytes JMP 0000000174c75a00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!UserHandleGrantAccess 000000007718b400 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!EnumDesktopsA 000000007719ffa0 5 bytes JMP 0000000174c74580 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!CreateWindowStationA 00000000771a14c4 5 bytes JMP 0000000174c745d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!OpenDesktopA 00000000771a1724 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetCursorPos 00000000771a1f58 5 bytes JMP 0000000174c75be0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetDoubleClickTime 00000000771a1f70 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SwapMouseButton 00000000771a1fa4 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamA 00000000771a2be4 5 bytes JMP 0000000174c73fb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamA 00000000771a2c0c 5 bytes JMP 0000000174c73f70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!DialogBoxParamA 00000000771a2c34 5 bytes JMP 0000000174c740f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!CreateDialogParamA 00000000771a2cf8 5 bytes JMP 0000000174c74030 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000771b14e0 5 bytes JMP 0000000174c6db00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!EndTask 00000000771b1604 5 bytes JMP 0000000174c6dca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!DdeInitializeA 00000000771b24a8 5 bytes JMP 0000000174c72f80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!MessageBoxW 00000000771d1314 5 bytes JMP 0000000174c6dbb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!MessageBoxExW 00000000771d1394 5 bytes JMP 0000000174c6dc20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetClassNameA 00000000771db394 5 bytes JMP 0000000174c719b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetClassLongPtrA 00000000771dcb6c 5 bytes JMP 0000000174c78d00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetClassLongA 00000000771dcbac 5 bytes JMP 0000000174c78b80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!GetWindowTextA 00000000771dccd0 5 bytes JMP 0000000174c79c00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!RegisterClassExA 00000000771dd670 5 bytes JMP 0000000174c711e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!FindWindowExA 00000000771ddae0 5 bytes JMP 0000000174c74cd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!RemovePropA 00000000771dde90 5 bytes JMP 0000000174c787b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\USER32.dll!SetPropA 00000000771ddf94 5 bytes JMP 0000000174c786e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExW 000007fefea28724 6 bytes {JMP QWORD [RIP-0x21908542]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\GDI32.dll!GdiAddFontResourceW 000007fefea2a074 6 bytes {JMP QWORD [RIP-0x21909eba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\GDI32.dll!GdiDllInitialize 000007fefea2ae78 6 bytes {JMP QWORD [RIP-0x2190acc6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\GDI32.dll!RemoveFontResourceExW 000007fefea34784 6 bytes {JMP QWORD [RIP-0x219145c2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\GDI32.dll!GetFontResourceInfoW + 1 000007fefea34845 5 bytes {JMP QWORD [RIP-0x2191467a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExA 000007fefea491f0 6 bytes {JMP QWORD [RIP-0x21929016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\GDI32.dll!CreateScalableFontResourceW + 1 000007fefea49f4d 5 bytes {JMP QWORD [RIP-0x21929d7a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateSessionsW 000007fefaed1430 6 bytes {JMP QWORD [RIP-0x1ddb123e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\WTSAPI32.dll!WTSQueryUserToken 000007fefaed18f0 6 bytes {JMP QWORD [RIP-0x1ddb1706]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotification 000007fefaed1d00 6 bytes {JMP QWORD [RIP-0x1ddb1afe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotification + 1 000007fefaed1e31 5 bytes {JMP QWORD [RIP-0x1ddb1c1e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotificationEx 000007fefaed5030 6 bytes {JMP QWORD [RIP-0x1ddb4e26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotificationEx 000007fefaed50b4 6 bytes {JMP QWORD [RIP-0x1ddb4e9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateProcessesW 000007fefaed54b0 6 bytes {JMP QWORD [RIP-0x1ddb52b6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\IMM32.DLL!ImmAssociateContext 000007fefeab1750 6 bytes {JMP QWORD [RIP-0x2199152e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\IMM32.DLL!ImmAssociateContextEx 000007fefeab8240 6 bytes {JMP QWORD [RIP-0x21998016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\WINNSI.DLL!NsiRpcRegisterChangeNotification 000007fefad21910 6 bytes {JMP QWORD [RIP-0x1dc0162e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd8845c1 5 bytes {JMP QWORD [RIP-0x207642ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\WS2_32.dll!WSANSPIoctl 000007fefd8a44c0 6 bytes {JMP QWORD [RIP-0x207841d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd8ae0f0 6 bytes {JMP QWORD [RIP-0x2078ddf6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\CRYPT32.dll!CertGetCertificateChain 000007fefd260ba0 6 bytes {JMP QWORD [RIP-0x2014088e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\CRYPT32.dll!CryptUnprotectData + 1 000007fefd2791b9 5 bytes {JMP QWORD [RIP-0x20158eae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] C:\Windows\system32\CRYPT32.dll!CryptProtectData 000007fefd2796d4 6 bytes {JMP QWORD [RIP-0x201593d2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772822f0 5 bytes JMP 0000000174c883b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077286290 5 bytes JMP 0000000174c882f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk 000000007728a430 5 bytes JMP 0000000100030880 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077295140 5 bytes JMP 0000000174c8d350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentDirectory_U 00000000772a5d20 5 bytes JMP 0000000174c66cc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentDirectory_U 00000000772a6050 5 bytes JMP 0000000174c66f30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!LdrQueryImageFileExecutionOptions 00000000772a66e0 5 bytes JMP 0000000174c88470 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter 00000000772abe60 6 bytes [51, 48, B8, 00, 12, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter + 8 00000000772abe68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForSingleObject + 8 00000000772abe78 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 00000000772abe90 6 bytes JMP 0000000174c5d910 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 00000000772abe98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba1e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 8 00000000772abea8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b1b88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000772abeb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletion + 8 00000000772abec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseSemaphore + 8 00000000772abed8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 8 00000000772abee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort + 8 00000000772abef8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772abf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent 00000000772abf10 6 bytes [51, 48, B8, B0, 12, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent + 8 00000000772abf18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bf418} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000772abf28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dea08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 8 00000000772abf38 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bee18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationFile + 8 00000000772abf48 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db028} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000772abf58 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey + 8 00000000772abf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtFindAtom + 8 00000000772abf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultLocale + 8 00000000772abf88 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9db448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryKey + 8 00000000772abf98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey + 8 00000000772abfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 8 00000000772abfb8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1fc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess + 8 00000000772abfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects32 + 8 00000000772abfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather + 8 00000000772abfe8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9e1f78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000772abff8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9ee8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000772ac008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 8 00000000772ac018 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf6f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 8 00000000772ac028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseMutant + 8 00000000772ac038 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec0c8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 00000000772ac048 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfcd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 8 00000000772ac058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9deb38} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory + 8 00000000772ac068 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772ac078 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000772ac080 6 bytes [51, 48, B8, 20, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 8 00000000772ac088 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772ac098 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772ac0a0 7 bytes [48, B8, C4, BF, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772ac0a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772ac0b0 7 bytes [48, B8, D0, BD, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000772ac0b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm 00000000772ac0c0 6 bytes [51, 48, B8, 60, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm + 8 00000000772ac0c8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772ac0d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772ac0e0 6 bytes [51, 48, B8, 80, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 8 00000000772ac0e8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority 00000000772ac100 6 bytes [51, 48, B8, A0, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority + 8 00000000772ac108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter + 8 00000000772ac118 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772ac128 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000772ac130 7 bytes [48, B8, 00, BF, 01, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772ac138 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter 00000000772ac140 6 bytes [51, 48, B8, E0, 14, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter + 8 00000000772ac148 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da228} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey + 8 00000000772ac158 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772ac168 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution 00000000772ac170 6 bytes [51, 48, B8, 10, 15, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution + 8 00000000772ac178 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ba0d8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8 00000000772ac188 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2868} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformation + 8 00000000772ac198 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d25b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000772ac1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimer + 8 00000000772ac1b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bc838} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 8 00000000772ac1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000772ac1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCloseObjectAuditAlarm + 8 00000000772ac1e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ec8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000772ac1f8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772ac208 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent 00000000772ac210 6 bytes [51, 48, B8, B0, 15, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent + 8 00000000772ac218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 8 00000000772ac228 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1b08} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000772ac238 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ebfb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 00000000772ac248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateToken + 8 00000000772ac258 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage 00000000772ac270 6 bytes [51, 48, B8, 10, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage + 8 00000000772ac278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000772ac288 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom 00000000772ac2a0 6 bytes [51, 48, B8, 40, 16, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom + 8 00000000772ac2a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d18b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000772ac2b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bcbc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVolumeInformationFile + 8 00000000772ac2c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d2238} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000772ac2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile + 8 00000000772ac2e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtApphelpCacheControl + 8 00000000772ac2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000772ac308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000772ac318 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtIsProcessInJob + 8 00000000772ac328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 00000000772ac338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySection + 8 00000000772ac348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8 00000000772ac358 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData 00000000772ac370 6 bytes [51, 48, B8, 10, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData + 8 00000000772ac378 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772ac388 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent 00000000772ac390 6 bytes [51, 48, B8, 30, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent + 8 00000000772ac398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteRequestData + 8 00000000772ac3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000772ac3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + 8 00000000772ac3c8 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects 00000000772ac3e0 6 bytes [51, 48, B8, 80, 17, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects + 8 00000000772ac3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationObject + 8 00000000772ac3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFile + 8 00000000772ac408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2318} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtTraceEvent + 8 00000000772ac418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtPowerInformation + 8 00000000772ac428 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d88e8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000772ac438 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCancelTimer + 8 00000000772ac448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimer + 8 00000000772ac458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAcceptConnectPort + 8 00000000772ac468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheck + 8 00000000772ac478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType + 8 00000000772ac488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultList + 8 00000000772ac498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm + 8 00000000772ac4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 8 00000000772ac4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 8 00000000772ac4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAddDriverEntry + 8 00000000772ac4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustGroupsToken + 8 00000000772ac4e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlertResumeThread + 8 00000000772ac4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlertThread + 8 00000000772ac508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateLocallyUniqueId + 8 00000000772ac518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateReserveObject + 8 00000000772ac528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUserPhysicalPages + 8 00000000772ac538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateUuids + 8 00000000772ac548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 00000000772ac558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCancelMessage + 8 00000000772ac568 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0de8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 00000000772ac578 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0c68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 00000000772ac588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePortSection + 8 00000000772ac598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateResourceReserve + 8 00000000772ac5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSectionView + 8 00000000772ac5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreateSecurityContext + 8 00000000772ac5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeletePortSection + 8 00000000772ac5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteResourceReserve + 8 00000000772ac5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSectionView + 8 00000000772ac5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDeleteSecurityContext + 8 00000000772ac608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcDisconnectPort + 8 00000000772ac618 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf118} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort + 8 00000000772ac628 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderProcess + 8 00000000772ac638 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcOpenSenderThread + 8 00000000772ac648 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedb8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformation + 8 00000000772ac658 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cedd8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcQueryInformationMessage + 8 00000000772ac668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcRevokeSecurityContext + 8 00000000772ac678 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cf878} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 00000000772ac688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSetInformation + 8 00000000772ac698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAreMappedFilesTheSame + 8 00000000772ac6a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2448} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 8 00000000772ac6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFileEx + 8 00000000772ac6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCancelSynchronousIoFile + 8 00000000772ac6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCommitComplete + 8 00000000772ac6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCommitEnlistment + 8 00000000772ac6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCommitTransaction + 8 00000000772ac708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCompactKeys + 8 00000000772ac718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCompareTokens + 8 00000000772ac728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCompleteConnectPort + 8 00000000772ac738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCompressKey + 8 00000000772ac748 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d0538} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 00000000772ac758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDebugObject + 8 00000000772ac768 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateDirectoryObject + 8 00000000772ac778 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEnlistment + 8 00000000772ac788 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 8 00000000772ac798 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000772ac7a8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f2078} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobObject + 8 00000000772ac7b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateJobSet + 8 00000000772ac7c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyTransacted + 8 00000000772ac7d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000772ac7e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9388} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMailslotFile + 8 00000000772ac7f8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d16a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000772ac808 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9b9528} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000772ac818 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePagingFile + 8 00000000772ac828 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000772ac832 4 bytes {JMP 0xfffffffffd9d0290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 8 00000000772ac838 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePrivateNamespace + 8 00000000772ac848 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000772ac858 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfile + 8 00000000772ac868 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProfileEx + 8 00000000772ac878 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateResourceManager + 8 00000000772ac888 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1938} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000772ac898 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 8 00000000772ac8a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000772ac8b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000772ac8c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateToken + 8 00000000772ac8d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransaction + 8 00000000772ac8e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTransactionManager + 8 00000000772ac8f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 8 00000000772ac908 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort + 8 00000000772ac918 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWorkerFactory + 8 00000000772ac928 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 8 00000000772ac938 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDebugContinue + 8 00000000772ac948 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteAtom + 8 00000000772ac958 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 8 00000000772ac968 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteDriverEntry + 8 00000000772ac978 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9bef58} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000772ac988 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9daa68} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 00000000772ac998 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteObjectAuditAlarm + 8 00000000772ac9a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDeletePrivateNamespace + 8 00000000772ac9b8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9da8b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 00000000772ac9c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDisableLastKnownGood + 8 00000000772ac9d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDisplayString + 8 00000000772ac9e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDrawText + 8 00000000772ac9f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtEnableLastKnownGood + 8 00000000772aca08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateBootEntries + 8 00000000772aca18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateDriverEntries + 8 00000000772aca28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + 8 00000000772aca38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateTransactionObject + 8 00000000772aca48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtExtendSection + 8 00000000772aca58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtFilterToken + 8 00000000772aca68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstallUILanguage + 8 00000000772aca78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtFlushInstructionCache + 8 00000000772aca88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtFlushKey + 8 00000000772aca98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtFlushProcessWriteBuffers + 8 00000000772acaa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtFlushVirtualMemory + 8 00000000772acab8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtFlushWriteBuffer + 8 00000000772acac8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtFreeUserPhysicalPages + 8 00000000772acad8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeRegistry + 8 00000000772acae8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtFreezeTransactions + 8 00000000772acaf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 8 00000000772acb08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtGetCurrentProcessorNumber + 8 00000000772acb18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtGetDevicePowerState + 8 00000000772acb28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtGetMUIRegistryInfo + 8 00000000772acb38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 8 00000000772acb48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 8 00000000772acb58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtGetNlsSectionPtr + 8 00000000772acb68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtGetNotificationResourceManager + 8 00000000772acb78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtGetPlugPlayEvent + 8 00000000772acb88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtGetWriteWatch + 8 00000000772acb98 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebc8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateAnonymousToken + 8 00000000772acba8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cebf8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateThread + 8 00000000772acbb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeNlsFiles + 8 00000000772acbc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtInitializeRegistry + 8 00000000772acbd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtInitiatePowerAction + 8 00000000772acbe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtIsSystemResumeAutomatic + 8 00000000772acbf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtIsUILanguageComitted + 8 00000000772acc08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtListenPort + 8 00000000772acc18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9dbc78} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000772acc28 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d76a8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey + 8 00000000772acc38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKey2 + 8 00000000772acc48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadKeyEx + 8 00000000772acc58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtLockFile + 8 00000000772acc68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtLockProductActivationKeys + 8 00000000772acc78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtLockRegistryKey + 8 00000000772acc88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtLockVirtualMemory + 8 00000000772acc98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtMakePermanentObject + 8 00000000772acca8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject + 8 00000000772accb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtMapCMFModule + 8 00000000772accc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPages + 8 00000000772accd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 8 00000000772acce8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyDriverEntry + 8 00000000772accf8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeDirectoryFile + 8 00000000772acd08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d81b8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 8 00000000772acd18 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 8 00000000772acd28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeSession + 8 00000000772acd38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEnlistment + 8 00000000772acd48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair + 8 00000000772acd58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000772acd68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenJobObject + 8 00000000772acd78 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9138} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000772acd88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransacted + 8 00000000772acd98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyTransactedEx + 8 00000000772acda8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000772acdb8 9 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 2 00000000772acdc2 4 bytes {JMP 0xfffffffffd9d1290} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000772acdc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenObjectAuditAlarm + 8 00000000772acdd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenPrivateNamespace + 8 00000000772acde8 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772acdf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager 00000000772ace00 6 bytes [51, 48, B8, A0, 21, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenResourceManager + 8 00000000772ace08 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d1588} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000772ace18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSession + 8 00000000772ace28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000772ace38 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772ace48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ace50 6 bytes [51, 48, B8, F0, 21, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000772ace58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransaction + 8 00000000772ace68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTransactionManager + 8 00000000772ace78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtPlugPlayControl + 8 00000000772ace88 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareComplete + 8 00000000772ace98 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtPrePrepareEnlistment + 8 00000000772acea8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareComplete + 8 00000000772aceb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtPrepareEnlistment + 8 00000000772acec8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeCheck + 8 00000000772aced8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegeObjectAuditAlarm + 8 00000000772acee8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtPrivilegedServiceAuditAlarm + 8 00000000772acef8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationComplete + 8 00000000772acf08 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtPropagationFailed + 8 00000000772acf18 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtPulseEvent + 8 00000000772acf28 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootEntryOrder + 8 00000000772acf38 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryBootOptions + 8 00000000772acf48 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDebugFilterState + 8 00000000772acf58 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryObject + 8 00000000772acf68 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDriverEntryOrder + 8 00000000772acf78 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEaFile + 8 00000000772acf88 15 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772acf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom 00000000772acfa0 6 bytes [51, 48, B8, 40, 23, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationAtom + 8 00000000772acfa8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationEnlistment + 8 00000000772acfb8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationJobObject + 8 00000000772acfc8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationPort + 8 00000000772acfd8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationResourceManager + 8 00000000772acfe8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransaction + 8 00000000772acff8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationTransactionManager + 8 00000000772ad008 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationWorkerFactory + 8 00000000772ad018 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInstallUILanguage + 8 00000000772ad028 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIntervalProfile + 8 00000000772ad038 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryIoCompletion + 8 00000000772ad048 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue + 8 00000000772ad058 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d9c88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 8 00000000772ad068 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMutant + 8 00000000772ad078 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeys + 8 00000000772ad088 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryOpenSubKeysEx + 8 00000000772ad098 12 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 5 00000000772ad0a5 1 byte [03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPortInformationProcess + 8 00000000772ad0a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryQuotaInformationFile + 8 00000000772ad0b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityAttributesToken + 8 00000000772ad0c8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eae18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityObject + 8 00000000772ad0d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySemaphore + 8 00000000772ad0e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySymbolicLinkObject + 8 00000000772ad0f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValue + 8 00000000772ad108 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemEnvironmentValueEx + 8 00000000772ad118 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformationEx + 8 00000000772ad128 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimerResolution + 8 00000000772ad138 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 8 00000000772ad148 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000772ad160 6 bytes [51, 48, B8, 00, 25, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000772ad168 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReadOnlyEnlistment + 8 00000000772ad178 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverEnlistment + 8 00000000772ad188 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverResourceManager + 8 00000000772ad198 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRecoverTransactionManager + 8 00000000772ad1a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterProtocolAddressInformation + 8 00000000772ad1b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRegisterThreadTerminatePort + 8 00000000772ad1c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseKeyedEvent + 8 00000000772ad1d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseWorkerFactoryWorker + 8 00000000772ad1e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletionEx + 8 00000000772ad1f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveProcessDebug + 8 00000000772ad208 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9d7088} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey + 8 00000000772ad218 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRenameTransactionManager + 8 00000000772ad228 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReplaceKey + 8 00000000772ad238 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReplacePartitionUnit + 8 00000000772ad248 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReplyPort + 8 00000000772ad258 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRequestPort + 8 00000000772ad268 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtResetEvent + 8 00000000772ad278 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtResetWriteWatch + 8 00000000772ad288 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRestoreKey + 8 00000000772ad298 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess + 8 00000000772ad2a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackComplete + 8 00000000772ad2b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackEnlistment + 8 00000000772ad2c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRollbackTransaction + 8 00000000772ad2d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtRollforwardTransactionManager + 8 00000000772ad2e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f0068} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKey + 8 00000000772ad2f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSaveKeyEx + 8 00000000772ad308 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSaveMergedKeys + 8 00000000772ad318 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9cfba8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 00000000772ad328 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSerializeBoot + 8 00000000772ad338 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 8 00000000772ad348 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 8 00000000772ad358 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000772ad368 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetDebugFilterState + 8 00000000772ad378 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultHardErrorPort + 8 00000000772ad388 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultLocale + 8 00000000772ad398 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetDefaultUILanguage + 8 00000000772ad3a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetDriverEntryOrder + 8 00000000772ad3b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetEaFile + 8 00000000772ad3c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighEventPair + 8 00000000772ad3d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetHighWaitLowEventPair + 8 00000000772ad3e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationDebugObject + 8 00000000772ad3f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationEnlistment + 8 00000000772ad408 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9f1728} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationJobObject + 8 00000000772ad418 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationKey + 8 00000000772ad428 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationResourceManager + 8 00000000772ad438 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9ead88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationToken + 8 00000000772ad448 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransaction + 8 00000000772ad458 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationTransactionManager + 8 00000000772ad468 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationWorkerFactory + 8 00000000772ad478 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetIntervalProfile + 8 00000000772ad488 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletion + 8 00000000772ad498 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetIoCompletionEx + 8 00000000772ad4a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetLdtEntries + 8 00000000772ad4b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowEventPair + 8 00000000772ad4c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetLowWaitHighEventPair + 8 00000000772ad4d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetQuotaInformationFile + 8 00000000772ad4e8 14 bytes {ADD [RAX], AL; ADD [RAX-0x77], CL; ADD AL, 0x24; RET ; JMP 0xfffffffffd9eab18} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 8 00000000772ad4f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValue + 8 00000000772ad508 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemEnvironmentValueEx + 8 00000000772ad518 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000772ad528 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 8 00000000772ad538 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime + 8 00000000772ad548 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetThreadExecutionState + 8 00000000772ad558 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerEx + 8 00000000772ad568 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimerResolution + 8 00000000772ad578 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetUuidSeed + 8 00000000772ad588 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetVolumeInformationFile + 8 00000000772ad598 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem + 8 00000000772ad5a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownWorkerFactory + 8 00000000772ad5b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSignalAndWaitForSingleObject + 8 00000000772ad5c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSinglePhaseReject + 8 00000000772ad5d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtStartProfile + 8 00000000772ad5e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtStopProfile + 8 00000000772ad5f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000772ad608 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000772ad618 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000772ad628 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert 00000000772ad640 6 bytes [51, 48, B8, E0, 29, 03] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtTestAlert + 8 00000000772ad648 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtThawRegistry + 8 00000000772ad658 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtThawTransactions + 8 00000000772ad668 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtTraceControl + 8 00000000772ad678 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtTranslateFilePath + 8 00000000772ad688 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtUmsThreadYield + 8 00000000772ad698 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadDriver + 8 00000000772ad6a8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey + 8 00000000772ad6b8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey2 + 8 00000000772ad6c8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKeyEx + 8 00000000772ad6d8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockFile + 8 00000000772ad6e8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtUnlockVirtualMemory + 8 00000000772ad6f8 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000772ad708 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForDebugEvent + 8 00000000772ad718 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForKeyedEvent + 8 00000000772ad728 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForWorkViaWorkerFactory + 8 00000000772ad738 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWaitHighEventPair + 8 00000000772ad748 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 8 00000000772ad758 14 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWorkerFactoryWorkerReady + 8 00000000772ad768 8 bytes [00, 00, 00, 48, 89, 04, 24, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!RtlGetFullPathName_UEx 00000000772b0cd0 5 bytes JMP 0000000174c671d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\kernel32.dll!CreateActCtxW 000000007705a180 5 bytes JMP 0000000174c9da80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007705dae0 5 bytes JMP 0000000174c8e480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\kernel32.dll!SetLocaleInfoA 00000000770af430 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\kernel32.dll!AllocConsole 00000000770c5c60 5 bytes JMP 0000000174c72120 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000770cf690 5 bytes JMP 0000000174c5e7e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\kernel32.dll!ReplaceFile 00000000770d4390 5 bytes JMP 0000000174c6b4e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\kernel32.dll!WinExec 00000000770db4b0 5 bytes JMP 0000000174c8d4e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\KERNELBASE.dll!GetVolumeInformationW 000007fefd184f30 6 bytes {JMP QWORD [RIP-0x20064f26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\KERNELBASE.dll!GetFinalPathNameByHandleW 000007fefd189100 6 bytes {JMP QWORD [RIP-0x200690fe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd1b0250 6 bytes {JMP QWORD [RIP-0x20090256]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesW 000007fefeae1460 6 bytes {JMP QWORD [RIP-0x219c13ae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CloseEventLog + 1 000007fefeae9271 5 bytes {JMP QWORD [RIP-0x219c9236]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!QueryServiceStatusEx 000007fefeae9474 6 bytes {JMP QWORD [RIP-0x219c9432]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryW 000007fefeaeab20 6 bytes {JMP QWORD [RIP-0x219ca9ae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!SetSecurityInfo 000007fefeaeb210 6 bytes {JMP QWORD [RIP-0x219cb08e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!GetSecurityInfo 000007fefeaedad0 6 bytes {JMP QWORD [RIP-0x219cd946]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExW 000007fefeaeeb20 6 bytes {JMP QWORD [RIP-0x219ceaae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!ReportEventW 000007fefeaf0050 6 bytes {JMP QWORD [RIP-0x219d001e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!LookupAccountNameW 000007fefeaf0b24 6 bytes {JMP QWORD [RIP-0x219d09c2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceW + 1 000007fefeaf6031 5 bytes {JMP QWORD [RIP-0x219d6016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!DeregisterEventSource 000007fefeafa5a0 6 bytes {JMP QWORD [RIP-0x219da57e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb05548 6 bytes {JMP QWORD [RIP-0x219e546e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameW 000007fefeb056a0 6 bytes {JMP QWORD [RIP-0x219e560e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameW 000007fefeb05770 6 bytes {JMP QWORD [RIP-0x219e56ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!RegisterEventSourceA + 1 000007fefeb07461 5 bytes {JMP QWORD [RIP-0x219e744e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!QueryServiceObjectSecurity 000007fefeb1b2dc 6 bytes {JMP QWORD [RIP-0x219fb222]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2W 000007fefeb1b310 6 bytes {JMP QWORD [RIP-0x219fb2be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!QueryServiceConfig2A 000007fefeb1b330 6 bytes {JMP QWORD [RIP-0x219fb2e6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeb1b77c 6 bytes {JMP QWORD [RIP-0x219fb6aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CreateRestrictedToken 000007fefeb1b7fc 6 bytes {JMP QWORD [RIP-0x219fb682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefeb1b8f0 6 bytes {JMP QWORD [RIP-0x219fb806]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefeb1b95c 6 bytes {JMP QWORD [RIP-0x219fb87a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CredRenameA 000007fefeb22d50 6 bytes {JMP QWORD [RIP-0x21a02c16]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!GetEffectiveRightsFromAclW 000007fefeb25b00 6 bytes {JMP QWORD [RIP-0x21a0596e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesA 000007fefeb2d170 6 bytes {JMP QWORD [RIP-0x21a0d0c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExA 000007fefeb2d2e0 6 bytes {JMP QWORD [RIP-0x21a0d276]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusA 000007fefeb2d4e0 6 bytes {JMP QWORD [RIP-0x21a0d486]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusW 000007fefeb2d8e0 6 bytes {JMP QWORD [RIP-0x21a0d87e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!UnlockServiceDatabase 000007fefeb2d930 6 bytes {JMP QWORD [RIP-0x21a0d866]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusW 000007fefeb2d9a0 6 bytes {JMP QWORD [RIP-0x21a0d91e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!QueryServiceLockStatusA 000007fefeb2dab0 6 bytes {JMP QWORD [RIP-0x21a0da36]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!LockServiceDatabase 000007fefeb2dbc0 6 bytes {JMP QWORD [RIP-0x21a0dafe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameA 000007fefeb2dc40 6 bytes {JMP QWORD [RIP-0x21a0dbb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameA 000007fefeb2dcd0 6 bytes {JMP QWORD [RIP-0x21a0dc36]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CredDeleteW 000007fefeb40910 6 bytes {JMP QWORD [RIP-0x21a207c6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CredDeleteA 000007fefeb409d0 6 bytes {JMP QWORD [RIP-0x21a2088e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!ReportEventA 000007fefeb41cc0 6 bytes {JMP QWORD [RIP-0x21a21c96]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!RegConnectRegistryA 000007fefeb4c860 6 bytes {JMP QWORD [RIP-0x21a2c6f6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsW 000007fefeb4d820 6 bytes {JMP QWORD [RIP-0x21a2d6ee]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CredReadDomainCredentialsA 000007fefeb4d950 6 bytes {JMP QWORD [RIP-0x21a2d826]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsW 000007fefeb4da80 6 bytes {JMP QWORD [RIP-0x21a2d95e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CredWriteDomainCredentialsA 000007fefeb4db60 6 bytes {JMP QWORD [RIP-0x21a2da46]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CredEnumerateW 000007fefeb4dc60 6 bytes {JMP QWORD [RIP-0x21a2db06]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CredEnumerateA 000007fefeb4dd90 6 bytes {JMP QWORD [RIP-0x21a2dc3e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CredReadW 000007fefeb4dec0 6 bytes {JMP QWORD [RIP-0x21a2ddae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CredReadA 000007fefeb4dfd0 6 bytes {JMP QWORD [RIP-0x21a2dec6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CredWriteW 000007fefeb4e0e0 6 bytes {JMP QWORD [RIP-0x21a2dfde]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CredWriteA 000007fefeb4e190 6 bytes {JMP QWORD [RIP-0x21a2e096]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithTokenW 000007fefeb50c80 6 bytes {JMP QWORD [RIP-0x21a30b8e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefebc642c 5 bytes JMP 000007fffeb055e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebc6484 5 bytes JMP 000007fffeaee870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefebc6518 5 bytes JMP 000007fffeafae24 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerW 000007fefebc659c 5 bytes JMP 000007fffeaee858 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatus 000007fefebc6730 5 bytes JMP 000007fffeaf61ac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatusEx 000007fefebc6784 5 bytes JMP 000007fffeae9474 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!StartServiceW 000007fefebc6824 5 bytes JMP 000007fffeae9460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus 000007fefebc687c 5 bytes JMP 000007fffeae8e94 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerA 000007fefebc6aa4 5 bytes JMP 000007fffeafa380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebc6c34 5 bytes JMP 000007fffeafa36c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!StartServiceA 000007fefebc6d00 5 bytes JMP 000007fffeb1b240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!QueryServiceObjectSecurity 000007fefebc6d58 5 bytes JMP 000007fffeb1b2dc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefebc6e00 5 bytes JMP 000007fffeb1b24c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefebc6f2c 5 bytes JMP 000007fffeb1b95c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefebc7220 5 bytes JMP 000007fffeb1b8f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefebc739c 5 bytes JMP 000007fffeb1b9d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefebc7538 5 bytes JMP 000007fffeb1b9c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefebc75e8 5 bytes JMP 000007fffeb1b77c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefebc790c 5 bytes JMP 000007fffeb05548 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefebc7ab4 5 bytes JMP 000007fffeb055d4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigA 000007fefebc7b04 5 bytes JMP 000007fffeb1b2fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigW 000007fefebc7c34 5 bytes JMP 000007fffeaeecac .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2A 000007fefebc7d78 5 bytes JMP 000007fffeb1b330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2W 000007fefebc8244 5 bytes JMP 000007fffeb1b310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA 000007fefebc99e4 5 bytes JMP 000007fffeb1b234 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW 000007fefebc9ac8 5 bytes JMP 000007fffeae6e4c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW 000007fefebca51c 5 bytes JMP 000007fffeae2c1c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA 000007fefebca530 5 bytes JMP 000007fffeb1b2d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW 000007fefebca5b0 5 bytes JMP 000007fffeae8e60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA 000007fefebca5c4 5 bytes JMP 000007fffeb1b2c4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange 000007fefebcbb28 5 bytes JMP 000007fffeaeda10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA 000007fefebcbb3c 5 bytes JMP 000007fffeb07440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!CreateWindowStationW 00000000771614c0 5 bytes JMP 0000000174c745b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!DdeInitializeW 0000000077164b74 5 bytes JMP 0000000174c72f40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077165350 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!OpenInputDesktop 0000000077166f00 5 bytes JMP 0000000174c75e00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!RegisterDeviceNotificationA 0000000077166fe4 5 bytes JMP 0000000174c6dd50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!UnregisterDeviceNotification 00000000771673b8 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetClassInfoA 0000000077167490 5 bytes JMP 0000000174c717c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetClassInfoExA 00000000771674c8 5 bytes JMP 0000000174c71680 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!EnumDesktopWindows 0000000077167d9c 5 bytes JMP 0000000174c74560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!ActivateKeyboardLayout 00000000771683c0 5 bytes JMP 0000000174c6dad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetParent 0000000077168530 5 bytes JMP 0000000174c75990 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077169bcc 5 bytes JMP 0000000174c78b20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!UnregisterClassA 0000000077169e70 5 bytes JMP 0000000174c71560 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!RegisterClassA 0000000077169f68 5 bytes JMP 0000000174c713e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007716a2e0 5 bytes JMP 0000000174c6d510 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!PostMessageA 000000007716a404 5 bytes JMP 0000000174c77de0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!MoveWindow 000000007716aad0 5 bytes JMP 0000000174c6db40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007716b500 5 bytes JMP 0000000174c78f10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!UpdateLayeredWindowIndirect + 368 000000007716b830 5 bytes JMP 0000000174c6da30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetCursor 000000007716c930 5 bytes JMP 0000000174c75b10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!ScreenToClient 000000007716ca58 5 bytes JMP 0000000174c6e9d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!EnumThreadWindows 000000007716ce5c 5 bytes JMP 0000000174c74500 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!IsWindowEnabled 000000007716d15c 5 bytes JMP 0000000174c6e820 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!AttachThreadInput 000000007716d240 5 bytes JMP 0000000174c6ecc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!FindWindowW 000000007716d264 5 bytes JMP 0000000174c749b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007716d2b0 5 bytes JMP 0000000174c779e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SendMessageA 000000007716d338 5 bytes JMP 0000000174c77aa0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007716d440 5 bytes JMP 0000000174c75440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!UnregisterClassW 000000007716d464 5 bytes JMP 0000000174c714e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetForegroundWindow 000000007716d540 5 bytes JMP 0000000174c75c50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetThreadDesktop 000000007716d6d0 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetWindowTextW 000000007716d7a4 5 bytes JMP 0000000174c79bd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!OpenDesktopW 000000007716d870 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!EnumDesktopsW 000000007716d964 5 bytes JMP 0000000174c74570 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007716dc40 5 bytes JMP 0000000174c77db0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007716f874 5 bytes JMP 0000000174c757f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetUserObjectInformationW 000000007716f9c0 5 bytes JMP 0000000174c75e30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007716fac0 5 bytes JMP 0000000174c77ca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000077170810 5 bytes JMP 0000000174c6d2c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!RegisterClassW 00000000771708c0 5 bytes JMP 0000000174c712e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077170b74 5 bytes JMP 0000000174c77a40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!RegisterClassExW 0000000077170e9c 5 bytes JMP 0000000174c710e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetClassInfoExW 0000000077171550 5 bytes JMP 0000000174c715e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetClassInfoW 00000000771716d0 5 bytes JMP 0000000174c71720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!ClientToScreen 00000000771732b8 5 bytes JMP 0000000174c6e940 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetWindowLongW 00000000771733b0 5 bytes JMP 0000000174c78ad0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetWindowLongPtrA 00000000771737c0 5 bytes JMP 0000000174c78c40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetWindowPos 0000000077173c50 5 bytes JMP 0000000174c6e4a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetWindow 0000000077174bf4 5 bytes JMP 0000000174c75930 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!EnumChildWindows 0000000077174ce0 5 bytes JMP 0000000174c74490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetIconInfo 0000000077174eec 5 bytes JMP 0000000174c75b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetClassNameW 0000000077174f28 5 bytes JMP 0000000174c71860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetClassLongPtrW 00000000771752a4 5 bytes JMP 0000000174c78cf0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!IsWindowUnicode 0000000077175360 5 bytes JMP 0000000174c6e840 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetWindowLongA 0000000077175408 5 bytes JMP 0000000174c78a90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetShellWindow 00000000771754a0 5 bytes JMP 0000000174c74df0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!EnumWindows 0000000077175e28 5 bytes JMP 0000000174c74480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!MonitorFromWindow 0000000077175f08 5 bytes JMP 0000000174c75ce0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!DispatchMessageA 0000000077176274 5 bytes JMP 0000000174c77170 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetClassLongW 0000000077176458 5 bytes JMP 0000000174c78b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SendMessageW 0000000077176b50 5 bytes JMP 0000000174c77b70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetClientRect 0000000077176bc8 5 bytes JMP 0000000174c6ea60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetWindowRect 0000000077176c0c 5 bytes JMP 0000000174c6eb30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!MapWindowPoints 0000000077176cd4 5 bytes JMP 0000000174c6e870 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetPropW 0000000077176f50 5 bytes JMP 0000000174c78670 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!RemovePropW 0000000077176fd0 5 bytes JMP 0000000174c78750 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771776c0 5 bytes JMP 0000000174c78e40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!PostMessageW 00000000771776e4 5 bytes JMP 0000000174c77e80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!IsWindow 0000000077177928 5 bytes JMP 0000000174c6e810 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetScrollInfo + 380 0000000077177ec0 5 bytes JMP 0000000174c74310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetWindowLongW 0000000077177f20 5 bytes JMP 0000000174c78a50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetPropW 0000000077178878 5 bytes JMP 0000000174c784d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetParent 00000000771789e4 5 bytes JMP 0000000174c75950 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetWindowInfo 0000000077178b08 5 bytes JMP 0000000174c6ec00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!IsIconic 0000000077178c5c 5 bytes JMP 0000000174c6e850 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!IsZoomed 0000000077178c8c 5 bytes JMP 0000000174c6e860 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!IsWindowVisible 0000000077178d24 5 bytes JMP 0000000174c6e830 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetWindowLongPtrW 00000000771796c0 5 bytes JMP 0000000174c78b90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!DispatchMessageW 000000007717991c 5 bytes JMP 0000000174c771a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!AnimateWindow 000000007717bff0 5 bytes JMP 0000000174c6dda0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamW 000000007717ce40 5 bytes JMP 0000000174c73f50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!DialogBoxParamW 000000007717d410 5 bytes JMP 0000000174c74090 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetClipboardData 000000007717e874 5 bytes JMP 0000000174c766c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetPropA 000000007717f4cc 5 bytes JMP 0000000174c785a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771828e4 5 bytes JMP 0000000174c77d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!WaitForInputIdle 0000000077183fa0 5 bytes JMP 0000000174c6de30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW 0000000077184efc 5 bytes JMP 0000000174c73ec0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamW 0000000077184f70 5 bytes JMP 0000000174c73f90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!CloseClipboard 0000000077185a50 5 bytes JMP 0000000174c75f00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!OpenClipboard 0000000077185a70 5 bytes JMP 0000000174c75eb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW 0000000077187468 5 bytes JMP 0000000174c73e20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!CreateDialogParamW 000000007718751c 5 bytes JMP 0000000174c73fd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!FindWindowA 0000000077188270 5 bytes JMP 0000000174c74ab0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077188be0 5 bytes JMP 0000000174c77c60 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077188c20 5 bytes JMP 0000000174c75770 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SendInput 0000000077188cd0 5 bytes JMP 0000000174c75d80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!FindWindowExW 0000000077188d20 5 bytes JMP 0000000174c74bb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!BlockInput 000000007718ad60 5 bytes JMP 0000000174c75d70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!ClipCursor 000000007718adb0 5 bytes JMP 0000000174c75a00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!UserHandleGrantAccess 000000007718b400 5 bytes JMP 0000000174c6cfe0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!EnumDesktopsA 000000007719ffa0 5 bytes JMP 0000000174c74580 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!CreateWindowStationA 00000000771a14c4 5 bytes JMP 0000000174c745d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!OpenDesktopA 00000000771a1724 5 bytes JMP 0000000174c74590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetCursorPos 00000000771a1f58 5 bytes JMP 0000000174c75be0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetDoubleClickTime 00000000771a1f70 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SwapMouseButton 00000000771a1fa4 5 bytes JMP 0000000174c9e700 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamA 00000000771a2be4 5 bytes JMP 0000000174c73fb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamA 00000000771a2c0c 5 bytes JMP 0000000174c73f70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!DialogBoxParamA 00000000771a2c34 5 bytes JMP 0000000174c740f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!CreateDialogParamA 00000000771a2cf8 5 bytes JMP 0000000174c74030 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000771b14e0 5 bytes JMP 0000000174c6db00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!EndTask 00000000771b1604 5 bytes JMP 0000000174c6dca0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!DdeInitializeA 00000000771b24a8 5 bytes JMP 0000000174c72f80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!MessageBoxW 00000000771d1314 5 bytes JMP 0000000174c6dbb0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!MessageBoxExW 00000000771d1394 5 bytes JMP 0000000174c6dc20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetClassNameA 00000000771db394 5 bytes JMP 0000000174c719b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetClassLongPtrA 00000000771dcb6c 5 bytes JMP 0000000174c78d00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetClassLongA 00000000771dcbac 5 bytes JMP 0000000174c78b80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!GetWindowTextA 00000000771dccd0 5 bytes JMP 0000000174c79c00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!RegisterClassExA 00000000771dd670 5 bytes JMP 0000000174c711e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!FindWindowExA 00000000771ddae0 5 bytes JMP 0000000174c74cd0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!RemovePropA 00000000771dde90 5 bytes JMP 0000000174c787b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\USER32.dll!SetPropA 00000000771ddf94 5 bytes JMP 0000000174c786e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExW 000007fefea28724 6 bytes {JMP QWORD [RIP-0x21908542]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\GDI32.dll!GdiAddFontResourceW 000007fefea2a074 6 bytes {JMP QWORD [RIP-0x21909eba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\GDI32.dll!GdiDllInitialize 000007fefea2ae78 6 bytes {JMP QWORD [RIP-0x2190acc6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\GDI32.dll!RemoveFontResourceExW 000007fefea34784 6 bytes {JMP QWORD [RIP-0x219145c2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\GDI32.dll!GetFontResourceInfoW + 1 000007fefea34845 5 bytes {JMP QWORD [RIP-0x2191467a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\GDI32.dll!EnumFontFamiliesExA 000007fefea491f0 6 bytes {JMP QWORD [RIP-0x21929016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\GDI32.dll!CreateScalableFontResourceW + 1 000007fefea49f4d 5 bytes {JMP QWORD [RIP-0x21929d7a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateSessionsW 000007fefaed1430 6 bytes {JMP QWORD [RIP-0x1ddb123e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\WTSAPI32.dll!WTSQueryUserToken 000007fefaed18f0 6 bytes {JMP QWORD [RIP-0x1ddb1706]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotification 000007fefaed1d00 6 bytes {JMP QWORD [RIP-0x1ddb1afe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotification + 1 000007fefaed1e31 5 bytes {JMP QWORD [RIP-0x1ddb1c1e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\WTSAPI32.dll!WTSRegisterSessionNotificationEx 000007fefaed5030 6 bytes {JMP QWORD [RIP-0x1ddb4e26]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\WTSAPI32.dll!WTSUnRegisterSessionNotificationEx 000007fefaed50b4 6 bytes {JMP QWORD [RIP-0x1ddb4e9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\WTSAPI32.dll!WTSEnumerateProcessesW 000007fefaed54b0 6 bytes {JMP QWORD [RIP-0x1ddb52b6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\IMM32.DLL!ImmAssociateContext 000007fefeab1750 6 bytes {JMP QWORD [RIP-0x2199152e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\IMM32.DLL!ImmAssociateContextEx 000007fefeab8240 6 bytes {JMP QWORD [RIP-0x21998016]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\WINNSI.DLL!NsiRpcRegisterChangeNotification 000007fefad21910 6 bytes {JMP QWORD [RIP-0x1dc0162e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd8845c1 5 bytes {JMP QWORD [RIP-0x207642ce]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\WS2_32.dll!WSANSPIoctl 000007fefd8a44c0 6 bytes {JMP QWORD [RIP-0x207841d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd8ae0f0 6 bytes {JMP QWORD [RIP-0x2078ddf6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\CRYPT32.dll!CertGetCertificateChain 000007fefd260ba0 6 bytes {JMP QWORD [RIP-0x2014088e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\CRYPT32.dll!CryptUnprotectData + 1 000007fefd2791b9 5 bytes {JMP QWORD [RIP-0x20158eae]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\system32\CRYPT32.dll!CryptProtectData 000007fefd2796d4 6 bytes {JMP QWORD [RIP-0x201593d2]} .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtClose + 1 000000007745f9e1 3 bytes [0B, 1D, 19] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtClose + 5 000000007745f9e5 2 bytes [50, C3] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 1 00000000774600b5 3 bytes [08, 1A, 19] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000774600b9 2 bytes [50, C3] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 1 0000000077460389 3 bytes [68, 1C, 19] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 5 000000007746038d 2 bytes [50, C3] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 1 00000000774603b9 3 bytes [96, 19, 19] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 5 00000000774603bd 2 bytes [50, C3] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 1 00000000774603d1 3 bytes [E0, 1B, 19] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 5 00000000774603d5 2 bytes [50, C3] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 1 0000000077460551 3 bytes [34, 1D, 19] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 5 0000000077460555 2 bytes [50, C3] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 1 0000000077460695 3 bytes [E2, 19, 19] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 5 0000000077460699 2 bytes [50, C3] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 1 00000000774618c1 3 bytes [BC, 19, 19] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 5 00000000774618c5 2 bytes [50, C3] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007747dffe 7 bytes [B8, 0D, 77, 19, 00, 50, C3] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007747f7fd 10 bytes [B8, 42, 84, 19, 00, 50, C3, ...] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW + 257 00000000769f4322 7 bytes JMP 00000001001911e5 .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\kernel32.dll!VirtualAllocExNuma + 11 0000000076a74d6a 7 bytes JMP 0000000100191229 .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000763b78e2 8 bytes [B8, 8D, 1D, 19, 00, 50, C3, ...] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000763b7bd3 8 bytes [B8, 45, 1D, 19, 00, 50, C3, ...] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000763b8332 7 bytes [B8, DD, 18, 19, 00, 50, C3] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!RegisterClassW + 237 00000000763b8b52 8 bytes [B8, B6, 5B, 19, 00, 50, C3, ...] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000763c05ba 11 bytes [B8, 20, 1E, 19, 00, 50, C3, ...] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000763c291f 11 bytes [B8, EE, 77, 19, 00, 50, C3, ...] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000763c5f74 11 bytes [B8, D5, 1D, 19, 00, 50, C3, ...] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000763c6110 7 bytes [B8, B7, 18, 19, 00, 50, C3] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000763c6285 12 bytes [B8, 3C, 79, 19, 00, 50, C3, ...] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!ScrollWindowEx + 84 00000000763dd5bf 8 bytes [B8, DA, 73, 19, 00, 50, C3, ...] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000763deb96 7 bytes [B8, 41, 77, 19, 00, 50, C3] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 1 00000000763dec69 3 bytes [9B, 78, 19] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 5 00000000763dec6d 5 bytes [50, C3, 90, 90, 90] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!GetRawInputBuffer 000000007640816c 11 bytes [B8, 9A, 56, 19, 00, 50, C3, ...] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!GetRawInputData + 1 0000000076418370 3 bytes [FD, 55, 19] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!GetRawInputData + 5 0000000076418374 5 bytes [50, C3, 90, 90, 90] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!EndTask + 1 000000007641a7ef 3 bytes [4F, 19, 19] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\USER32.dll!EndTask + 5 000000007641a7f3 5 bytes [50, C3, 90, 90, 90] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\MSCTF.dll!TF_Notify 00000000751e3a1d 7 bytes [B8, 07, 74, 19, 00, 50, C3] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000765d548d 10 bytes [B8, 20, 6A, 19, 00, 50, C3, ...] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9cff 8 bytes [B8, 90, 87, 19, 00, 50, C3, ...] .text D:\Pobrane\FRST-GMER\ockq3kzv.exe[3252] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000765e9d42 9 bytes [B8, FA, 69, 19, 00, 50, C3, ...] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IofCompleteRequest] [fffff88003b027c4] \??\C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.sys [.text] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee5ddaef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee5dda630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee5ddaee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee5ddb31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3948] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee5ddaed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee5ddaef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee5dda630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee5ddaee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee5ddb31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[784] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee5ddaed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee5ddaef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee5dda630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee5ddaee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee5ddb31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee5ddaed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee5ddaef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee5dda630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee5ddaee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee5ddb31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1628] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee5ddaed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] @ C:\Users\Giant\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW] [b704002c] ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----