GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-23 16:42:58 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBFO 232,89GB Running: o0zew1m0.exe; Driver: C:\Users\Matt\AppData\Local\Temp\pxldypow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x96F6E7F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x96F6E8B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x96F6E870] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x96F6E830] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 221 884E49A4 4 Bytes [F0, E7, F6, 96] {OUT 0xf6, EAX; XCHG ESI, EAX} .text ntkrnlpa.exe!KeSetEvent + 37D 884E4B00 4 Bytes CALL D9A4E1FB .text ntkrnlpa.exe!KeSetEvent + 5DD 884E4D60 4 Bytes CALL A8EFE45B .text ntkrnlpa.exe!KeSetEvent + 619 884E4D9C 4 Bytes CALL 96B4E497 ? C:\Windows\System32\Drivers\dfsc.sys suspicious PE modification ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\svchost.exe[1288] USER32.dll!GetCursorPos 76CF0B88 5 Bytes JMP 008F000A .text C:\Windows\System32\svchost.exe[1288] USER32.dll!DialogBoxIndirectParamAorW 76D02EB6 5 Bytes JMP 0090000A .text C:\Windows\System32\svchost.exe[1288] ole32.dll!CoCreateInstance 77269F3E 5 Bytes JMP 008E000A .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, AC, 64, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, AF, 64, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, AC, 64, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, AD, 64, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 7649AF6C C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, AE, 64, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, AD, 64, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, AE, 64, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 7649AFED C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, AC, 64, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 7649B12B C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, AD, 64, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, AE, 64, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, AF, 64, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[1932] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1996] kernel32.dll!SetUnhandledExceptionFilter 7702A8C5 4 Bytes [C2, 04, 00, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, 68, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, 6B, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, 68, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, 69, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 76496928 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, 6A, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, 69, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, 6A, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 764969A9 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, 68, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 76496AE7 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, 69, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, 6A, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, 6B, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[2208] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, 84, 7F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, 87, 7F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, 84, 7F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, 85, 7F, 00] {TEST AL, 0x85; JG 0x4} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 7649CA44 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, 86, 7F, 00] {TEST AL, 0x86; JG 0x4} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, 85, 7F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, 86, 7F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 7649CAC5 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, 84, 7F, 00] {TEST AL, 0x84; JG 0x4} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 7649CC03 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, 85, 7F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, 86, 7F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, 87, 7F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, F0, D1, 00] {SUB AL, DH; ROL DWORD [EAX], 0x1} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, F3, D1, 00] {SUB BL, DH; ROL DWORD [EAX], 0x1} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, F0, D1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, F1, D1, 00] {TEST AL, 0xf1; ROL DWORD [EAX], 0x1} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 764A1CB0 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, F2, D1, 00] {TEST AL, 0xf2; ROL DWORD [EAX], 0x1} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, F1, D1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, F2, D1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 764A1D31 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, F0, D1, 00] {TEST AL, 0xf0; ROL DWORD [EAX], 0x1} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 764A1E6F C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, F1, D1, 00] {SUB CL, DH; ROL DWORD [EAX], 0x1} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, F2, D1, 00] {SUB DL, DH; ROL DWORD [EAX], 0x1} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, F3, D1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3360] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Windows\Explorer.EXE[4076] SHELL32.dll!SHFileOperationW 75B368E8 5 Bytes JMP 03B81102 C:\Program Files\Unlocker\UnlockerHook.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, 78, 20, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, 7B, 20, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, 78, 20, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, 79, 20, 00] {TEST AL, 0x79; AND [EAX], AL} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 76496B38 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, 7A, 20, 00] {TEST AL, 0x7a; AND [EAX], AL} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, 79, 20, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, 7A, 20, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 76496BB9 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, 78, 20, 00] {TEST AL, 0x78; AND [EAX], AL} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 76496CF7 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, 79, 20, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, 7A, 20, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, 7B, 20, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, A4, A1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, A7, A1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, A4, A1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, A5, A1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 7649EC64 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, A6, A1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, A5, A1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, A6, A1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 7649ECE5 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, A4, A1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 7649EE23 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, A5, A1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, A6, A1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, A7, A1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, 50, 9D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, 53, 9D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, 50, 9D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, 51, 9D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 7649E810 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, 52, 9D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, 51, 9D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, 52, 9D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 7649E891 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, 50, 9D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 7649E9CF C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, 51, 9D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, 52, 9D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, 53, 9D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, 7C, E7, 00] {SUB [EDI+0x0], BH} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, 7F, E7, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, 7C, E7, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, 7D, E7, 00] {TEST AL, 0x7d; OUT 0x0, EAX} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 764A323C C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, 7E, E7, 00] {TEST AL, 0x7e; OUT 0x0, EAX} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, 7D, E7, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, 7E, E7, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 764A32BD C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, 7C, E7, 00] {TEST AL, 0x7c; OUT 0x0, EAX} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 764A33FB C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, 7D, E7, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, 7E, E7, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, 7F, E7, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, 80, 6F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, 83, 6F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, 80, 6F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, 81, 6F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 7649BA40 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, 82, 6F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, 81, 6F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, 82, 6F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 7649BAC1 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, 80, 6F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 7649BBFF C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, 81, 6F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, 82, 6F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, 83, 6F, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5052] CRYPT32.dll!CertDuplicateCRLContext + 5A 754389ED 7 Bytes JMP 005FF630 .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5052] CRYPT32.dll!I_CryptFreeLruCache + 1E1 7543DC4F 7 Bytes JMP 005FF6A0 .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, 38, B2, 00] {SUB [EAX], BH; MOV DL, 0x0} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, 3B, B2, 00] {SUB [EBX], BH; MOV DL, 0x0} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, 38, B2, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, 39, B2, 00] {TEST AL, 0x39; MOV DL, 0x0} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 7649FCF8 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, 3A, B2, 00] {TEST AL, 0x3a; MOV DL, 0x0} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, 39, B2, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, 3A, B2, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 7649FD79 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, 38, B2, 00] {TEST AL, 0x38; MOV DL, 0x0} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 7649FEB7 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, 39, B2, 00] {SUB [ECX], BH; MOV DL, 0x0} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, 3A, B2, 00] {SUB [EDX], BH; MOV DL, 0x0} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, 3B, B2, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, 34, DB, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, 37, DB, 00] {SUB [EDI], DH; FILD DWORD [EAX]} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, 34, DB, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, 35, DB, 00] {TEST AL, 0x35; FILD DWORD [EAX]} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 764A25F4 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, 36, DB, 00] {TEST AL, 0x36; FILD DWORD [EAX]} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, 35, DB, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, 36, DB, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 764A2675 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, 34, DB, 00] {TEST AL, 0x34; FILD DWORD [EAX]} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 764A27B3 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, 35, DB, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, 36, DB, 00] {SUB [ESI], DH; FILD DWORD [EAX]} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, 37, DB, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, A8, 3D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, AB, 3D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, A8, 3D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, A9, 3D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 76498868 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, AA, 3D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, A9, 3D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, AA, 3D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 764988E9 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, A8, 3D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 76498A27 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, A9, 3D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, AA, 3D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, AB, 3D, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, 00, F6, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtMapViewOfSection + 6 7749499A 1 Byte [28] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, 03, F6, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, 00, F6, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, 01, F6, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 764A40C0 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, 02, F6, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, 01, F6, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, 02, F6, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 764A4141 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, 00, F6, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 764A427F C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, 01, F6, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, 02, F6, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 1 Byte [68] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, 03, F6, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, 10, EB, 00] {SUB [EAX], DL; JMP 0x4} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, 13, EB, 00] {SUB [EBX], DL; JMP 0x4} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, 10, EB, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, 11, EB, 00] {TEST AL, 0x11; JMP 0x4} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 764A35D0 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, 12, EB, 00] {TEST AL, 0x12; JMP 0x4} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, 11, EB, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, 12, EB, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 764A3651 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, 10, EB, 00] {TEST AL, 0x10; JMP 0x4} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 764A378F C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, 11, EB, 00] {SUB [ECX], DL; JMP 0x4} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, 12, EB, 00] {SUB [EDX], DL; JMP 0x4} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, 13, EB, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, 8C, B0, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, 8F, B0, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, 8C, B0, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, 8D, B0, 00] {TEST AL, 0x8d; MOV AL, 0x0} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 7649FB4C C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, 8E, B0, 00] {TEST AL, 0x8e; MOV AL, 0x0} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, 8D, B0, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, 8E, B0, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 7649FBCD C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, 8C, B0, 00] {TEST AL, 0x8c; MOV AL, 0x0} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 7649FD0B C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, 8D, B0, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, 8E, B0, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, 8F, B0, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, 6C, 88, 00] {SUB [EAX+ECX*4+0x0], CH} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, 6F, 88, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, 6C, 88, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, 6D, 88, 00] {TEST AL, 0x6d; MOV [EAX], AL} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 7649D32C C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, 6E, 88, 00] {TEST AL, 0x6e; MOV [EAX], AL} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, 6D, 88, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, 6E, 88, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 7649D3AD C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, 6C, 88, 00] {TEST AL, 0x6c; MOV [EAX], AL} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 7649D4EB C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, 6D, 88, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, 6E, 88, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, 6F, 88, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtCreateFile + 6 7749424A 4 Bytes [28, 88, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtCreateFile + B 7749424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtMapViewOfSection + 6 7749499A 4 Bytes [28, 8B, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtMapViewOfSection + B 7749499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenFile + 6 77494A2A 4 Bytes [68, 88, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenFile + B 77494A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenProcess + 6 77494AAA 4 Bytes [A8, 89, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenProcess + B 77494AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenProcessToken + 6 77494ABA 4 Bytes CALL 76496948 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenProcessToken + B 77494ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenProcessTokenEx + 6 77494ACA 4 Bytes [A8, 8A, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenProcessTokenEx + B 77494ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenThread + 6 77494B1A 4 Bytes [68, 89, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenThread + B 77494B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenThreadToken + 6 77494B2A 4 Bytes [68, 8A, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenThreadToken + B 77494B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenThreadTokenEx + 6 77494B3A 4 Bytes CALL 764969C9 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenThreadTokenEx + B 77494B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtQueryAttributesFile + 6 77494BCA 4 Bytes [A8, 88, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtQueryAttributesFile + B 77494BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtQueryFullAttributesFile + 6 77494C7A 4 Bytes CALL 76496B07 C:\Windows\system32\SHELL32.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtQueryFullAttributesFile + B 77494C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtSetInformationFile + 6 7749515A 4 Bytes [28, 89, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtSetInformationFile + B 7749515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtSetInformationThread + 6 774951AA 4 Bytes [28, 8A, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtSetInformationThread + B 774951AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtUnmapViewOfSection + 6 7749544A 4 Bytes [68, 8B, 1E, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtUnmapViewOfSection + B 7749544F 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74157817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7415BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7414F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7414E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74188395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7415DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7414FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7414FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7417C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7414D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74146853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7414687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74152AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8f73a698]<< 8f73a698 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ca34780] 8ca34780 Trace 3 CLASSPNP.SYS[90bab8b3] -> nt!IofCallDriver -> [0x8f5ee678] 8f5ee678 Trace \Driver\00001629[0x8f70d568] -> IRP_MJ_CREATE -> 0x8f73a698 8f73a698 ---- Processes - GMER 2.1 ---- Process C:\Windows\System32\svchost.exe (*** hidden *** ) 1288 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4@001d289138a8 0x72 0xE2 0xF4 0x5B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4@0019c0d67293 0x3D 0x3D 0x24 0x6D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4@001ca48d9469 0x9A 0xC1 0x69 0x86 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4@002376a0be21 0x30 0x72 0x61 0xBF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4@6c23b9da3477 0xE4 0x3B 0xC4 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4@9c4a7b2fc11e 0xDA 0xDF 0x48 0x16 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4@8451819e6b12 0xE5 0x4E 0xA1 0xBF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0x93 0xD2 0x3F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Users\Public\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9E 0xF1 0xF6 0xFE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9A 0x7C 0x30 0x98 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x88 0x14 0x36 0x15 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x98 0xDA 0x30 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xCC 0xFE 0x1F 0xEE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xCC 0xFE 0x1F 0xEE ... Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4@001d289138a8 0x72 0xE2 0xF4 0x5B ... Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4@0019c0d67293 0x3D 0x3D 0x24 0x6D ... Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4@001ca48d9469 0x9A 0xC1 0x69 0x86 ... Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4@002376a0be21 0x30 0x72 0x61 0xBF ... Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4@6c23b9da3477 0xE4 0x3B 0xC4 0xA3 ... Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4@9c4a7b2fc11e 0xDA 0xDF 0x48 0x16 ... Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4@8451819e6b12 0xE5 0x4E 0xA1 0xBF ... Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0x93 0xD2 0x3F ... Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Users\Public\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9E 0xF1 0xF6 0xFE ... Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9A 0x7C 0x30 0x98 ... Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x88 0x14 0x36 0x15 ... Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x98 0xDA 0x30 0x54 ... Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xCC 0xFE 0x1F 0xEE ... Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xCC 0xFE 0x1F 0xEE ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.1”\OpenWithProgids@1\x201d_auto_file Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1B660E6-E8EF-A4E4-5670-8BFD8DAD09A3} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1B660E6-E8EF-A4E4-5670-8BFD8DAD09A3}@papealdndiihnkeagacepekbmblekfjd 0x6B 0x61 0x6E 0x63 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1B660E6-E8EF-A4E4-5670-8BFD8DAD09A3}@abjekkindoodjgjjoefbllmkdcfoiclaeo 0x6A 0x61 0x6A 0x64 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.1 ---- File C:\Program Files\Windows Defender\pl-PL\MpAsDesc.dll.mui 49152 bytes executable File C:\Program Files\Windows Defender\pl-PL\MpEvMsg.dll.mui 23552 bytes executable File C:\Program Files\Windows Defender\pl-PL\MsMpRes.dll.mui 69632 bytes executable File C:\Windows\$NtUninstallKB62280$\3438722373 0 bytes File C:\Windows\$NtUninstallKB62280$\485945278 0 bytes File C:\Windows\$NtUninstallKB62280$\485945278\@ 2048 bytes File C:\Windows\$NtUninstallKB62280$\485945278\Desktop.ini 4608 bytes File C:\Windows\$NtUninstallKB62280$\485945278\L 0 bytes File C:\Windows\$NtUninstallKB62280$\485945278\L\00000004.@ 804 bytes File C:\Windows\$NtUninstallKB62280$\485945278\L\201d3dde 73 bytes File C:\Windows\$NtUninstallKB62280$\485945278\L\6715e287 69 bytes File C:\Windows\$NtUninstallKB62280$\485945278\L\76603ac3 2416 bytes File C:\Windows\$NtUninstallKB62280$\485945278\L\qnbwvoto 75264 bytes File C:\Windows\$NtUninstallKB62280$\485945278\U 0 bytes File C:\Windows\$NtUninstallKB62280$\485945278\U\00000004.@ 2048 bytes File C:\Windows\$NtUninstallKB62280$\485945278\U\00000008.@ 1024 bytes File C:\Windows\$NtUninstallKB62280$\485945278\U\000000cb.@ 1632 bytes File C:\Windows\$NtUninstallKB62280$\485945278\U\80000000.@ 11776 bytes File C:\Windows\$NtUninstallKB62280$\485945278\U\80000032.@ 90624 bytes ---- EOF - GMER 2.1 ----