GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-04 16:19:41 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9SA00 rev.FB4OC43C 298,09GB Running: xz32g78k.exe; Driver: C:\Users\Paulina\AppData\Local\Temp\uxldapod.sys ---- System - GMER 2.1 ---- SSDT 86478184 ZwCreateKey SSDT 8647D1AC ZwCreateMutant SSDT 8647830C ZwCreateProcess SSDT 864782D4 ZwCreateProcessEx SSDT 8647D174 ZwCreateSymbolicLinkObject SSDT 8647D254 ZwCreateThread SSDT 8647D21C ZwCreateThreadEx SSDT 8647829C ZwCreateUserProcess SSDT 86478114 ZwDeleteKey SSDT 8647D00C ZwDeleteValueKey SSDT 8647D13C ZwDuplicateObject SSDT 8647D1E4 ZwLoadDriver SSDT 86478264 ZwOpenProcess SSDT 8647D34C ZwOpenSection SSDT 8647822C ZwOpenThread SSDT 864780DC ZwRenameKey SSDT 864780A4 ZwRestoreKey SSDT 8647D104 ZwSetSystemInformation SSDT 8647814C ZwSetValueKey SSDT 864781F4 ZwTerminateProcess SSDT 864781BC ZwTerminateThread SSDT 8647D28C ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E52A09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E8C1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82E93314 4 Bytes [84, 81, 47, 86] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82E93324 4 Bytes [AC, D1, 47, 86] {LODSB ; ROL DWORD [EDI-0x7a], 0x1} .text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82E93338 8 Bytes [0C, 83, 47, 86, D4, 82, 47, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82E93354 12 Bytes [74, D1, 47, 86, 54, D2, 47, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 121B 82E93370 4 Bytes [9C, 82, 47, 86] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91821000, 0x2D5378, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 98, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 9B, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 98, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 99, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 9A, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 99, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 9A, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 98, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 99, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 9A, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 9B, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[668] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 84, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 87, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 84, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 85, 1C, 00] {TEST AL, 0x85; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 86, 1C, 00] {TEST AL, 0x86; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 85, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 86, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 84, 1C, 00] {TEST AL, 0x84; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 85, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 86, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 87, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, D4, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, D7, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, D4, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, D5, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, D6, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, D5, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, D6, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, D4, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, D5, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, D6, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, D7, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 78, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 7B, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 78, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 79, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 7A, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 79, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 7A, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 78, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 79, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 7A, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 7B, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4352] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 28, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 2B, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 28, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 29, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 2A, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 29, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 2A, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 28, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 29, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 2A, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 2B, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4400] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 68, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 6B, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 68, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 69, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 6A, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 69, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 6A, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 68, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 69, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 6A, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 6B, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 3C, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 3F, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 3C, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 3D, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 3E, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 3D, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 3E, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 3C, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 3D, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 3E, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 3F, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 5C, 20, 00] {SUB [EAX+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 5F, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 5C, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 5D, 20, 00] {TEST AL, 0x5d; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 5E, 20, 00] {TEST AL, 0x5e; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 5D, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 5E, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 5C, 20, 00] {TEST AL, 0x5c; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 5D, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 5E, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 5F, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5144] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 20, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 23, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 20, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 21, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 22, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 21, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 22, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 20, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 21, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 22, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 23, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 34, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 37, 34, 00] {SUB [EDI], DH; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 34, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 35, 34, 00] {TEST AL, 0x35; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 36, 34, 00] {TEST AL, 0x36; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 35, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 36, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 34, 34, 00] {TEST AL, 0x34; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 35, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 36, 34, 00] {SUB [ESI], DH; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 37, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5248] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 1C, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 1F, D5, 00] {SUB [EDI], BL; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 1C, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 1D, D5, 00] {TEST AL, 0x1d; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 1E, D5, 00] {TEST AL, 0x1e; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 1D, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 1E, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 1C, D5, 00] {TEST AL, 0x1c; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 1D, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 1E, D5, 00] {SUB [ESI], BL; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 1F, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5300] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, D8, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, DB, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, D8, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, D9, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, DA, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, D9, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, DA, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, D8, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, D9, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, DA, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, DB, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5352] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, C0, 32, 00] {SUB AL, AL; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, C3, 32, 00] {SUB BL, AL; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, C0, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, C1, 32, 00] {TEST AL, 0xc1; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, C2, 32, 00] {TEST AL, 0xc2; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, C1, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, C2, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, C0, 32, 00] {TEST AL, 0xc0; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, C1, 32, 00] {SUB CL, AL; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, C2, 32, 00] {SUB DL, AL; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, C3, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 18, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 1B, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 18, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 19, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 1A, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 19, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 1A, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 18, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 19, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 1A, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 1B, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 18, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 1B, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 18, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 19, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 1A, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 19, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 1A, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 18, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 19, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 1A, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 1B, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, A0, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, A3, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, A0, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, A1, 84, 00] {TEST AL, 0xa1; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, A2, 84, 00] {TEST AL, 0xa2; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, A1, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, A2, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, A0, 84, 00] {TEST AL, 0xa0; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, A1, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, A2, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, A3, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 30, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 33, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 30, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 31, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 32, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 31, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 32, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 30, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 31, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 32, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 33, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 68, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 6B, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 68, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 69, 13, 00] {TEST AL, 0x69; ADC EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 6A, 13, 00] {TEST AL, 0x6a; ADC EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 69, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 6A, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 68, 13, 00] {TEST AL, 0x68; ADC EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 69, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 6A, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 6B, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 38, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 3B, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 38, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 39, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 3A, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 39, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 3A, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 38, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 39, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 3A, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 3B, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 90, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 93, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 90, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 91, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 92, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 91, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 92, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 90, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 91, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 92, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 93, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5920] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 9C, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtMapViewOfSection + 6 77145C2E 4 Bytes [28, 9F, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 9C, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [A8, 9D, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [A8, 9E, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [68, 9D, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [68, 9E, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 9C, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 9D, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtSetInformationThread + 6 7714669E 4 Bytes [28, 9E, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [68, 9F, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [72F524CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [72F3562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [72F356EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [72F52546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [72F485AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [72F44D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [72F45105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [72F451DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [72F46707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [72F48301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [72F48850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [72F490B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [72F4E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [72F44C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE7 0x2C 0x76 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE7 0x2C 0x76 0x80 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... ---- EOF - GMER 2.1 ----