GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-10-19 18:19:34 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000066 WDC_WD10 rev.01.0 931,51GB Running: hm65vzw6.exe; Driver: C:\Users\bartek\AppData\Local\Temp\pfwdipob.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Windows\system32\SearchIndexer.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\SearchIndexer.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Windows\system32\SearchIndexer.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\SearchIndexer.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Windows\system32\SearchIndexer.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\SearchIndexer.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\SearchIndexer.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Windows\system32\SearchIndexer.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Windows\system32\SearchIndexer.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\SearchIndexer.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Windows\system32\SearchIndexer.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Windows\system32\SearchIndexer.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\SearchIndexer.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792d480 7 bytes [48, B8, FC, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007792d488 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792d5f0 7 bytes [48, B8, 70, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007792d5f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792d610 7 bytes [48, B8, 1C, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007792d618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007792d620 7 bytes [48, B8, 20, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007792d628 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007792d638 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792d650 7 bytes [48, B8, 4C, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007792d658 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792d6a0 7 bytes [48, B8, E0, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007792d6a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007792d6b0 7 bytes [48, B8, 58, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007792d6b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792d6e0 7 bytes [48, B8, C4, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007792d6e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792d780 7 bytes [48, B8, F8, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007792d788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792d900 7 bytes [48, B8, 50, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007792d908 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792e370 7 bytes [48, B8, 40, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007792e378 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792e3c0 7 bytes [48, B8, F8, 12, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007792e3c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792e510 7 bytes [48, B8, 0C, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007792e518 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792d480 7 bytes [48, B8, FC, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007792d488 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792d5f0 7 bytes [48, B8, 70, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007792d5f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792d610 7 bytes [48, B8, 1C, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007792d618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007792d620 7 bytes [48, B8, 20, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007792d628 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007792d638 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792d650 7 bytes [48, B8, 4C, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007792d658 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792d6a0 7 bytes [48, B8, E0, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007792d6a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007792d6b0 7 bytes [48, B8, 58, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007792d6b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792d6e0 7 bytes [48, B8, C4, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007792d6e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792d780 7 bytes [48, B8, F8, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007792d788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792d900 7 bytes [48, B8, 50, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007792d908 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792e370 7 bytes [48, B8, 40, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007792e378 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792e3c0 7 bytes [48, B8, F8, 12, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007792e3c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792e510 7 bytes [48, B8, 0C, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007792e518 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792d480 7 bytes [48, B8, FC, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007792d488 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792d5f0 7 bytes [48, B8, 70, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007792d5f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792d610 7 bytes [48, B8, 1C, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007792d618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007792d620 7 bytes [48, B8, 20, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007792d628 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007792d638 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792d650 7 bytes [48, B8, 4C, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007792d658 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792d6a0 7 bytes [48, B8, E0, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007792d6a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007792d6b0 7 bytes [48, B8, 58, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007792d6b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792d6e0 7 bytes [48, B8, C4, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007792d6e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792d780 7 bytes [48, B8, F8, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007792d788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792d900 7 bytes [48, B8, 50, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007792d908 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792e370 7 bytes [48, B8, 40, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007792e378 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792e3c0 7 bytes [48, B8, F8, 12, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007792e3c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792e510 7 bytes [48, B8, 0C, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007792e518 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792d480 7 bytes [48, B8, FC, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007792d488 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792d5f0 7 bytes [48, B8, 70, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007792d5f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792d610 7 bytes [48, B8, 1C, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007792d618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007792d620 7 bytes [48, B8, 20, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007792d628 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007792d638 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792d650 7 bytes [48, B8, 4C, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007792d658 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792d6a0 7 bytes [48, B8, E0, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007792d6a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007792d6b0 7 bytes [48, B8, 58, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007792d6b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792d6e0 7 bytes [48, B8, C4, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007792d6e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792d780 7 bytes [48, B8, F8, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007792d788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792d900 7 bytes [48, B8, 50, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007792d908 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792e370 7 bytes [48, B8, 40, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007792e378 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792e3c0 7 bytes [48, B8, F8, 12, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007792e3c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792e510 7 bytes [48, B8, 0C, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007792e518 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792d480 7 bytes [48, B8, FC, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007792d488 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792d5f0 7 bytes [48, B8, 70, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007792d5f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792d610 7 bytes [48, B8, 1C, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007792d618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007792d620 7 bytes [48, B8, 20, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007792d628 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007792d638 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792d650 7 bytes [48, B8, 4C, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007792d658 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792d6a0 7 bytes [48, B8, E0, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007792d6a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007792d6b0 7 bytes [48, B8, 58, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007792d6b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792d6e0 7 bytes [48, B8, C4, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007792d6e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792d780 7 bytes [48, B8, F8, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007792d788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792d900 7 bytes [48, B8, 50, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007792d908 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792e370 7 bytes [48, B8, 40, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007792e378 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792e3c0 7 bytes [48, B8, F8, 12, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007792e3c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792e510 7 bytes [48, B8, 0C, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007792e518 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792d480 7 bytes [48, B8, FC, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007792d488 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792d5f0 7 bytes [48, B8, 70, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007792d5f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792d610 7 bytes [48, B8, 1C, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007792d618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007792d620 7 bytes [48, B8, 20, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007792d628 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007792d638 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792d650 7 bytes [48, B8, 4C, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007792d658 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792d6a0 7 bytes [48, B8, E0, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007792d6a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007792d6b0 7 bytes [48, B8, 58, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007792d6b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792d6e0 7 bytes [48, B8, C4, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007792d6e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792d780 7 bytes [48, B8, F8, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007792d788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792d900 7 bytes [48, B8, 50, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007792d908 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792e370 7 bytes [48, B8, 40, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007792e378 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792e3c0 7 bytes [48, B8, F8, 12, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007792e3c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792e510 7 bytes [48, B8, 0C, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007792e518 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792d480 7 bytes [48, B8, FC, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007792d488 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792d5f0 7 bytes [48, B8, 70, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007792d5f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792d610 7 bytes [48, B8, 1C, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007792d618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007792d620 7 bytes [48, B8, 20, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007792d628 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007792d638 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792d650 7 bytes [48, B8, 4C, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007792d658 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792d6a0 7 bytes [48, B8, E0, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007792d6a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007792d6b0 7 bytes [48, B8, 58, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007792d6b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792d6e0 7 bytes [48, B8, C4, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007792d6e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792d780 7 bytes [48, B8, F8, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007792d788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792d900 7 bytes [48, B8, 50, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007792d908 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792e370 7 bytes [48, B8, 40, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007792e378 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792e3c0 7 bytes [48, B8, F8, 12, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007792e3c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792e510 7 bytes [48, B8, 0C, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007792e518 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792d480 7 bytes [48, B8, FC, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007792d488 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792d5f0 7 bytes [48, B8, 70, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007792d5f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792d610 7 bytes [48, B8, 1C, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007792d618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007792d620 7 bytes [48, B8, 20, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007792d628 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007792d638 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792d650 7 bytes [48, B8, 4C, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007792d658 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792d6a0 7 bytes [48, B8, E0, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007792d6a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007792d6b0 7 bytes [48, B8, 58, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007792d6b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792d6e0 7 bytes [48, B8, C4, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007792d6e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792d780 7 bytes [48, B8, F8, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007792d788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792d900 7 bytes [48, B8, 50, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007792d908 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792e370 7 bytes [48, B8, 40, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007792e378 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792e3c0 7 bytes [48, B8, F8, 12, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007792e3c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792e510 7 bytes [48, B8, 0C, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007792e518 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792d480 7 bytes [48, B8, FC, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007792d488 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792d5f0 7 bytes [48, B8, 70, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007792d5f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792d610 7 bytes [48, B8, 1C, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007792d618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007792d620 7 bytes [48, B8, 20, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007792d628 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007792d638 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792d650 7 bytes [48, B8, 4C, 0E, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007792d658 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792d6a0 7 bytes [48, B8, E0, 0F, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007792d6a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007792d6b0 7 bytes [48, B8, 58, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007792d6b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792d6e0 7 bytes [48, B8, C4, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007792d6e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792d780 7 bytes [48, B8, F8, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007792d788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792d900 7 bytes [48, B8, 50, 10, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007792d908 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792e370 7 bytes [48, B8, 40, 13, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007792e378 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792e3c0 7 bytes [48, B8, F8, 12, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007792e3c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792e510 7 bytes [48, B8, 0C, 11, E9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007792e518 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Windows\system32\wuauclt.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\wuauclt.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Windows\system32\wuauclt.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\wuauclt.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Windows\system32\wuauclt.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\wuauclt.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\wuauclt.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Windows\system32\wuauclt.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Windows\system32\wuauclt.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\wuauclt.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Windows\system32\wuauclt.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Windows\system32\wuauclt.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\wuauclt.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Windows\system32\taskeng.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077904c80 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\taskeng.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007792d540 5 bytes JMP 0000000000020678 .text C:\Windows\system32\taskeng.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792d630 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\taskeng.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792d750 5 bytes JMP 0000000000020018 .text C:\Windows\system32\taskeng.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007792d7b0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\taskeng.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007792d830 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\taskeng.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007792d8d0 5 bytes JMP 0000000000020128 .text C:\Windows\system32\taskeng.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007792dd80 5 bytes JMP 0000000000020238 .text C:\Windows\system32\taskeng.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007792de10 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\taskeng.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007792de80 5 bytes JMP 0000000000020348 .text C:\Windows\system32\taskeng.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007792e340 5 bytes JMP 0000000000020458 .text C:\Windows\system32\taskeng.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007792e390 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\taskeng.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077984240 5 bytes JMP 0000000000020568 .text C:\Users\bartek\Desktop\GMER\hm65vzw6.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 0000000077adfb78 5 bytes JMP 00000000739630e0 .text C:\Users\bartek\Desktop\GMER\hm65vzw6.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077adfcf0 5 bytes JMP 0000000073962360 .text C:\Users\bartek\Desktop\GMER\hm65vzw6.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077adfeb4 1 byte JMP 00000000739621f0 .text C:\Users\bartek\Desktop\GMER\hm65vzw6.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2 0000000077adfeb6 3 bytes {JMP 0xfffffffffbe8233c} .text C:\Users\bartek\Desktop\GMER\hm65vzw6.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077adff48 5 bytes JMP 00000000739627a0 .text C:\Users\bartek\Desktop\GMER\hm65vzw6.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077ae0014 5 bytes JMP 0000000073962650 .text C:\Users\bartek\Desktop\GMER\hm65vzw6.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077ae0108 5 bytes JMP 0000000073962520 .text C:\Users\bartek\Desktop\GMER\hm65vzw6.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077ae083c 5 bytes JMP 00000000739628e0 .text C:\Users\bartek\Desktop\GMER\hm65vzw6.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077ae0914 5 bytes JMP 0000000073962b70 .text C:\Users\bartek\Desktop\GMER\hm65vzw6.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077ae09bc 5 bytes JMP 0000000073962e00 .text C:\Users\bartek\Desktop\GMER\hm65vzw6.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077ae1118 5 bytes JMP 0000000073962a30 .text C:\Users\bartek\Desktop\GMER\hm65vzw6.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077ae1190 5 bytes JMP 0000000073962cc0 .text C:\Users\bartek\Desktop\GMER\hm65vzw6.exe[4712] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 0000000077af921f 5 bytes JMP 0000000073962f80 .text C:\Users\bartek\Desktop\GMER\hm65vzw6.exe[4712] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077b80e9d 5 bytes JMP 0000000073962e90 ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88000e39e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88000e39c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88000e3a654] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88000e3aa50] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff88000e3a8ac] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2dc6778] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2dc6000] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2dc6760] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2dc69b4] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1f79354] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2dc6778] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2dc6000] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2dc6760] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2dc69b4] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1f79354] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2dc6778] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2dc6000] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2dc6760] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2dc69b4] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4268] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1f79354] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2dc6778] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2dc6000] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2dc6760] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2dc69b4] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4676] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1f79354] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2dc6778] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2dc6000] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2dc6760] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2dc69b4] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5296] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1f79354] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2dc6778] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2dc6000] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2dc6760] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2dc69b4] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5380] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1f79354] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2dc6778] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2dc6000] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2dc6760] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2dc69b4] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1f79354] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2dc6778] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2dc6000] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2dc6760] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2dc69b4] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1f79354] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5512] @ C:\Users\bartek\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.185\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW] [777e002c] ---- Devices - GMER 2.2 ---- Device \FileSystem\Ntfs \Ntfs fffffa80076d62c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa80086812c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80086812c0 Device \Driver\amd_sata \Device\RaidPort0 fffffa8006ce82c0 Device \Driver\cdrom \Device\CdRom0 fffffa80082f82c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa80086892c0 Device \Driver\usbohci \Device\USBPDO-2 fffffa80086892c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa80086892c0 Device \Driver\amd_sata \Device\00000066 fffffa8006ce82c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80086812c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa80086812c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80083bf2c0 Device \Driver\amd_sata \Device\00000067 fffffa8006ce82c0 Device \Driver\usbohci \Device\USBFDO-2 fffffa80086892c0 Device \Driver\amd_sata \Device\ScsiPort0 fffffa8006ce82c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa80086892c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa80086892c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{4F824A17-8702-4BF8-9431-E3307FDC332B} fffffa80083bf2c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80076d22c0]<< sptd.sys amd_xata.sys >>UNKNOWN [0xfffffa8006ce82c0]<< storport.sys hal.dll amd_sata.sys fffffa8006ce82c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007df2060] fffffa8007df2060 Trace 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8007b896e0] fffffa8007b896e0 Trace \Driver\amd_xata[0xfffffa8007b71780] -> IRP_MJ_CREATE -> 0xfffffa80076d22c0 fffffa80076d22c0 Trace 5 amd_xata.sys[fffff88001065d00] -> nt!IofCallDriver -> \Device\00000066[0xfffffa8007b879c0] fffffa8007b879c0 Trace \Driver\amd_sata[0xfffffa8007b714c0] -> IRP_MJ_CREATE -> 0xfffffa8006ce82c0 fffffa8006ce82c0 ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\svchost.exe [1580:3524] 000007fef3020ea8 Thread C:\Windows\system32\svchost.exe [1580:3556] 000007fef3019db0 Thread C:\Windows\system32\svchost.exe [1580:3604] 000007fef301aa10 Thread C:\Windows\system32\svchost.exe [1580:3640] 000007fef3021c94 Thread C:\Windows\system32\svchost.exe [1580:3276] 000007fef13d5c24 Thread C:\Windows\system32\svchost.exe [1580:1484] 000007fef13deff0 Thread C:\Windows\system32\svchost.exe [1580:1444] 000007fef14b4f84 Thread C:\Windows\system32\svchost.exe [1580:4848] 000007fee64bd3c8 Thread C:\Windows\system32\svchost.exe [1580:4852] 000007fee64bd3c8 Thread C:\Windows\system32\svchost.exe [1580:4856] 000007fee64bd3c8 Thread C:\Windows\system32\svchost.exe [1580:4860] 000007fee64bd3c8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4724:4060] 000007fefab72af8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4724:4144] 000007fef3825124 ---- EOF - GMER 2.2 ----