GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-04-14 13:34:22 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250310AS rev.3.AAC 232,88GB Running: 1x34sdio.exe; Driver: C:\Users\Nerfi\AppData\Local\Temp\pgddqpoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c42bdc 5 bytes JMP 0000000073a0c3d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076621401 2 bytes JMP 76a3b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076621419 2 bytes JMP 76a3b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076621431 2 bytes JMP 76ab9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007662144a 2 bytes CALL 76a14885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766214dd 2 bytes JMP 76ab8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766214f5 2 bytes JMP 76ab8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007662150d 2 bytes JMP 76ab8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076621525 2 bytes JMP 76ab8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007662153d 2 bytes JMP 76a2fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076621555 2 bytes JMP 76a36907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007662156d 2 bytes JMP 76ab9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076621585 2 bytes JMP 76ab8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007662159d 2 bytes JMP 76ab88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766215b5 2 bytes JMP 76a2fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766215cd 2 bytes JMP 76a3b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766216b2 2 bytes JMP 76ab90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766216bd 2 bytes JMP 76ab8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076621401 2 bytes JMP 76a3b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076621419 2 bytes JMP 76a3b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076621431 2 bytes JMP 76ab9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007662144a 2 bytes CALL 76a14885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766214dd 2 bytes JMP 76ab8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766214f5 2 bytes JMP 76ab8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007662150d 2 bytes JMP 76ab8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076621525 2 bytes JMP 76ab8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007662153d 2 bytes JMP 76a2fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076621555 2 bytes JMP 76a36907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007662156d 2 bytes JMP 76ab9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076621585 2 bytes JMP 76ab8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007662159d 2 bytes JMP 76ab88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766215b5 2 bytes JMP 76a2fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766215cd 2 bytes JMP 76a3b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766216b2 2 bytes JMP 76ab90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766216bd 2 bytes JMP 76ab8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\USER32.dll!SetClassLongPtrW 0000000076b15c34 7 bytes JMP 0000000076ae0000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\USER32.dll!SetCursor 0000000076b1c850 8 bytes JMP 0000000076b00000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\USER32.dll!SetClassLongPtrA 0000000076b8de00 7 bytes JMP 0000000076af0000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d7be00 7 bytes [48, B8, 60, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076d7be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076d7bf70 7 bytes [48, B8, E0, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076d7bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d7bf90 7 bytes [48, B8, D0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d7bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076d7bfa0 7 bytes [48, B8, C0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076d7bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d7bfb0 7 bytes [48, B8, 40, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d7bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d7bfd0 7 bytes [48, B8, B0, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d7bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076d7c020 7 bytes [48, B8, 50, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076d7c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076d7c030 7 bytes [48, B8, 20, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076d7c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076d7c060 7 bytes [48, B8, 40, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076d7c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076d7c100 7 bytes [48, B8, 80, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076d7c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d7c280 7 bytes [48, B8, C0, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d7c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076d7ccf0 7 bytes [48, B8, 00, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076d7ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d7cd40 7 bytes [48, B8, A0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076d7cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076d7ce90 7 bytes [48, B8, A0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076d7ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d7be00 7 bytes [48, B8, 60, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076d7be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076d7bf70 7 bytes [48, B8, E0, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076d7bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d7bf90 7 bytes [48, B8, D0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d7bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076d7bfa0 7 bytes [48, B8, C0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076d7bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d7bfb0 7 bytes [48, B8, 40, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d7bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d7bfd0 7 bytes [48, B8, B0, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d7bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076d7c020 7 bytes [48, B8, 50, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076d7c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076d7c030 7 bytes [48, B8, 20, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076d7c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076d7c060 7 bytes [48, B8, 40, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076d7c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076d7c100 7 bytes [48, B8, 80, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076d7c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d7c280 7 bytes [48, B8, C0, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d7c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076d7ccf0 7 bytes [48, B8, 00, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076d7ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d7cd40 7 bytes [48, B8, A0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076d7cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076d7ce90 7 bytes [48, B8, A0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076d7ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d7be00 7 bytes [48, B8, 60, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076d7be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076d7bf70 7 bytes [48, B8, E0, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076d7bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d7bf90 7 bytes [48, B8, D0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d7bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076d7bfa0 7 bytes [48, B8, C0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076d7bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d7bfb0 7 bytes [48, B8, 40, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d7bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d7bfd0 7 bytes [48, B8, B0, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d7bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076d7c020 7 bytes [48, B8, 50, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076d7c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076d7c030 7 bytes [48, B8, 20, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076d7c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076d7c060 7 bytes [48, B8, 40, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076d7c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076d7c100 7 bytes [48, B8, 80, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076d7c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d7c280 7 bytes [48, B8, C0, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d7c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076d7ccf0 7 bytes [48, B8, 00, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076d7ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d7cd40 7 bytes [48, B8, A0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076d7cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076d7ce90 7 bytes [48, B8, A0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076d7ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d7be00 7 bytes [48, B8, 60, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076d7be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076d7bf70 7 bytes [48, B8, E0, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076d7bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d7bf90 7 bytes [48, B8, D0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d7bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076d7bfa0 7 bytes [48, B8, C0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076d7bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d7bfb0 7 bytes [48, B8, 40, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d7bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d7bfd0 7 bytes [48, B8, B0, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d7bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076d7c020 7 bytes [48, B8, 50, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076d7c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076d7c030 7 bytes [48, B8, 20, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076d7c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076d7c060 7 bytes [48, B8, 40, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076d7c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076d7c100 7 bytes [48, B8, 80, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076d7c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d7c280 7 bytes [48, B8, C0, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d7c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076d7ccf0 7 bytes [48, B8, 00, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076d7ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d7cd40 7 bytes [48, B8, A0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076d7cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076d7ce90 7 bytes [48, B8, A0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076d7ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d7be00 7 bytes [48, B8, 60, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076d7be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076d7bf70 7 bytes [48, B8, E0, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076d7bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d7bf90 7 bytes [48, B8, D0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d7bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076d7bfa0 7 bytes [48, B8, C0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076d7bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d7bfb0 7 bytes [48, B8, 40, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d7bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d7bfd0 7 bytes [48, B8, B0, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d7bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076d7c020 7 bytes [48, B8, 50, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076d7c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076d7c030 7 bytes [48, B8, 20, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076d7c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076d7c060 7 bytes [48, B8, 40, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076d7c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076d7c100 7 bytes [48, B8, 80, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076d7c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d7c280 7 bytes [48, B8, C0, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d7c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076d7ccf0 7 bytes [48, B8, 00, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076d7ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d7cd40 7 bytes [48, B8, A0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076d7cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076d7ce90 7 bytes [48, B8, A0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076d7ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d7be00 7 bytes [48, B8, 60, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076d7be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076d7bf70 7 bytes [48, B8, E0, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076d7bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d7bf90 7 bytes [48, B8, D0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d7bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076d7bfa0 7 bytes [48, B8, C0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076d7bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d7bfb0 7 bytes [48, B8, 40, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d7bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d7bfd0 7 bytes [48, B8, B0, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d7bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076d7c020 7 bytes [48, B8, 50, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076d7c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076d7c030 7 bytes [48, B8, 20, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076d7c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076d7c060 7 bytes [48, B8, 40, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076d7c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076d7c100 7 bytes [48, B8, 80, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076d7c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d7c280 7 bytes [48, B8, C0, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d7c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076d7ccf0 7 bytes [48, B8, 00, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076d7ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d7cd40 7 bytes [48, B8, A0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076d7cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076d7ce90 7 bytes [48, B8, A0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076d7ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d7be00 7 bytes [48, B8, 60, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076d7be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076d7bf70 7 bytes [48, B8, E0, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076d7bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d7bf90 7 bytes [48, B8, D0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d7bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076d7bfa0 7 bytes [48, B8, C0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076d7bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d7bfb0 7 bytes [48, B8, 40, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d7bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d7bfd0 7 bytes [48, B8, B0, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d7bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076d7c020 7 bytes [48, B8, 50, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076d7c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076d7c030 7 bytes [48, B8, 20, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076d7c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076d7c060 7 bytes [48, B8, 40, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076d7c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076d7c100 7 bytes [48, B8, 80, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076d7c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d7c280 7 bytes [48, B8, C0, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d7c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076d7ccf0 7 bytes [48, B8, 00, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076d7ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d7cd40 7 bytes [48, B8, A0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076d7cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076d7ce90 7 bytes [48, B8, A0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076d7ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d7be00 7 bytes [48, B8, 60, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076d7be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076d7bf70 7 bytes [48, B8, E0, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076d7bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d7bf90 7 bytes [48, B8, D0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d7bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076d7bfa0 7 bytes [48, B8, C0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076d7bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d7bfb0 7 bytes [48, B8, 40, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d7bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d7bfd0 7 bytes [48, B8, B0, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d7bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076d7c020 7 bytes [48, B8, 50, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076d7c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076d7c030 7 bytes [48, B8, 20, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076d7c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076d7c060 7 bytes [48, B8, 40, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076d7c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076d7c100 7 bytes [48, B8, 80, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076d7c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d7c280 7 bytes [48, B8, C0, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d7c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076d7ccf0 7 bytes [48, B8, 00, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076d7ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d7cd40 7 bytes [48, B8, A0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076d7cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076d7ce90 7 bytes [48, B8, A0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076d7ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076621401 2 bytes JMP 76a3b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076621419 2 bytes JMP 76a3b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076621431 2 bytes JMP 76ab9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007662144a 2 bytes CALL 76a14885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766214dd 2 bytes JMP 76ab8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766214f5 2 bytes JMP 76ab8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007662150d 2 bytes JMP 76ab8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076621525 2 bytes JMP 76ab8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007662153d 2 bytes JMP 76a2fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076621555 2 bytes JMP 76a36907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007662156d 2 bytes JMP 76ab9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076621585 2 bytes JMP 76ab8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007662159d 2 bytes JMP 76ab88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766215b5 2 bytes JMP 76a2fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766215cd 2 bytes JMP 76a3b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766216b2 2 bytes JMP 76ab90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766216bd 2 bytes JMP 76ab8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d7be00 7 bytes [48, B8, 60, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076d7be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076d7bf70 7 bytes [48, B8, E0, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076d7bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d7bf90 7 bytes [48, B8, D0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d7bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076d7bfa0 7 bytes [48, B8, C0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076d7bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d7bfb0 7 bytes [48, B8, 40, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d7bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d7bfd0 7 bytes [48, B8, B0, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d7bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076d7c020 7 bytes [48, B8, 50, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076d7c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076d7c030 7 bytes [48, B8, 20, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076d7c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076d7c060 7 bytes [48, B8, 40, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076d7c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076d7c100 7 bytes [48, B8, 80, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076d7c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d7c280 7 bytes [48, B8, C0, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d7c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076d7ccf0 7 bytes [48, B8, 00, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076d7ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d7cd40 7 bytes [48, B8, A0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076d7cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076d7ce90 7 bytes [48, B8, A0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076d7ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d7be00 7 bytes [48, B8, 60, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076d7be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076d7bf70 7 bytes [48, B8, E0, 0D, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076d7bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d7bf90 7 bytes [48, B8, D0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d7bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076d7bfa0 7 bytes [48, B8, C0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076d7bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d7bfb0 7 bytes [48, B8, 40, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d7bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d7bfd0 7 bytes [48, B8, B0, 0C, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d7bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076d7c020 7 bytes [48, B8, 50, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076d7c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076d7c030 7 bytes [48, B8, 20, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076d7c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076d7c060 7 bytes [48, B8, 40, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076d7c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076d7c100 7 bytes [48, B8, 80, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076d7c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d7c280 7 bytes [48, B8, C0, 0E, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d7c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076d7ccf0 7 bytes [48, B8, 00, 12, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076d7ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d7cd40 7 bytes [48, B8, A0, 11, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076d7cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076d7ce90 7 bytes [48, B8, A0, 0F, B7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076d7ce98 6 bytes {ADD [RAX], AL; JMP RAX} ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2c4e9c0] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2c4e23c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2c4e9a8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2c4ec08] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1d8bd5c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2c4e9c0] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2c4e23c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2c4e9a8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2c4ec08] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4592] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1d8bd5c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2c4e9c0] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2c4e23c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2c4e9a8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2c4ec08] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1d8bd5c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2c4e9c0] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2c4e23c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2c4e9a8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2c4ec08] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1d8bd5c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2c4e9c0] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2c4e23c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2c4e9a8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2c4ec08] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4640] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1d8bd5c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2c4e9c0] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2c4e23c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2c4e9a8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2c4ec08] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4648] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1d8bd5c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2c4e9c0] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2c4e23c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2c4e9a8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2c4ec08] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1d8bd5c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2c4e9c0] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2c4e23c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2c4e9a8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2c4ec08] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2220] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee1d8bd5c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [3744:5084] 000007fee9739688 ---- Files - GMER 2.2 ---- File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25DE.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25DF.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25E0.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25E1.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25E2.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25E3.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25E4.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25E5.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25E6.tmp 0 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25E7.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25E8.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25E9.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25FA.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25FB.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25FC.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25FD.tmp 0 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25FE.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\25FF.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\2600.tmp 0 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\2601.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\2602.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\2603.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\2604.tmp 28134 bytes File C:\Users\Nerfi\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\2605.tmp 28134 bytes ---- EOF - GMER 2.2 ----