GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2013-08-11 16:08:16
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-6 MAXTOR_STM3750330AS rev.MX15
Running: gmer.exe; Driver: C:\Users\PTYLLLO\AppData\Local\Temp\pxliifod.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwAllocateVirtualMemory [0x940C7EC6]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwAlpcConnectPort [0x940CB31A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwAlpcSendWaitReceivePort [0x940CAE50]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwAssignProcessToJobObject [0x940C895E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwClose [0x940CB928]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwConnectPort [0x940CA1CC]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateFile [0x940C9678]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateKey [0x940CA8C4]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateProcess [0x940C8BB4]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateProcessEx [0x940C8C6A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateSection [0x940C8F52]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateThread [0x940C7836]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateThreadEx [0x940CBB44]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwDeviceIoControlFile [0x940CAA34]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwDuplicateObject [0x940CED4C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwFsControlFile [0x940CACEC]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwLoadDriver [0x940C833C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwMakeTemporaryObject [0x940CB6E8]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwOpenFile [0x940C9420]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwOpenProcess [0x940CE7A4]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwOpenSection [0x940C8D24]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwOpenThread [0x940CEA54]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwProtectVirtualMemory [0x940C7D4A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwQueueApcThread [0x940C8A86]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwReplaceKey [0x940CB536]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwRequestPort [0x940CA33A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwRequestWaitReplyPort [0x940C9CCE]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwRestoreKey [0x940CB5C0]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSecureConnectPort [0x940CA754]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSetContextThread [0x940C79A6]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSetSecurityObject [0x940CB490]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSetSystemInformation [0x940C8500]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwShutdownSystem [0x940CB652]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSuspendProcess [0x940C7C22]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSuspendThread [0x940C7AFC]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSystemDebugControl [0x940C8890]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwTerminateProcess [0x940CE69C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwTerminateThread [0x940CEF3E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwUnloadDriver [0x940CB77E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwWriteVirtualMemory [0x940C76BA]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8348B9F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834C51F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 834CC438 4 Bytes [C6, 7E, 0C, 94]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 834CC444 4 Bytes [1A, B3, 0C, 94]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 834CC488 4 Bytes [50, AE, 0C, 94] {PUSH EAX; SCASB ; OR AL, 0x94}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 834CC498 4 Bytes [5E, 89, 0C, 94] {POP ESI; MOV [ESP+EDX*4], ECX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 834CC4B4 4 Bytes [28, B9, 0C, 94]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C14000, 0x3DBAA0, 0xE8000020]
PAGE peauth.sys AA4AFB9B 72 Bytes [0E, C6, FB, 5B, EA, 17, 76, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 6C, 08, 01] {SUB [EAX+ECX+0x1], CH}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 6F, 08, 01]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 6C, 08, 01]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 6D, 08, 01] {TEST AL, 0x6d; OR [ECX], AL}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcessToken + 6 776F5D9E 4 Bytes CALL 76706610
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 6E, 08, 01] {TEST AL, 0x6e; OR [ECX], AL}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 6D, 08, 01]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 6E, 08, 01]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThreadTokenEx + 6 776F5E2E 4 Bytes CALL 767066A1
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 6C, 08, 01] {TEST AL, 0x6c; OR [ECX], AL}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtQueryFullAttributesFile + 6 776F5FEE 4 Bytes CALL 7670685F
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 6D, 08, 01]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 6E, 08, 01]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 6F, 08, 01]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, A0, 46, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, A3, 46, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, A0, 46, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, A1, 46, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, A2, 46, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, A1, 46, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, A2, 46, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, A0, 46, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, A1, 46, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, A2, 46, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, A3, 46, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[1044] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 30, 8C, 00] {SUB [EAX], DH; MOV WORD [EAX], ES}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 33, 8C, 00] {SUB [EBX], DH; MOV WORD [EAX], ES}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 30, 8C, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 31, 8C, 00] {TEST AL, 0x31; MOV WORD [EAX], ES}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 32, 8C, 00] {TEST AL, 0x32; MOV WORD [EAX], ES}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 31, 8C, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 32, 8C, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 30, 8C, 00] {TEST AL, 0x30; MOV WORD [EAX], ES}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 31, 8C, 00] {SUB [ECX], DH; MOV WORD [EAX], ES}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 32, 8C, 00] {SUB [EDX], DH; MOV WORD [EAX], ES}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 33, 8C, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, C4, 29, 00] {SUB AH, AL; SUB [EAX], EAX}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, C7, 29, 00] {SUB BH, AL; SUB [EAX], EAX}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, C4, 29, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, C5, 29, 00] {TEST AL, 0xc5; SUB [EAX], EAX}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, C6, 29, 00] {TEST AL, 0xc6; SUB [EAX], EAX}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, C5, 29, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, C6, 29, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, C4, 29, 00] {TEST AL, 0xc4; SUB [EAX], EAX}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, C5, 29, 00] {SUB CH, AL; SUB [EAX], EAX}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, C6, 29, 00] {SUB DH, AL; SUB [EAX], EAX}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, C7, 29, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, D0, 1D, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, D3, 1D, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, D0, 1D, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, D1, 1D, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, D2, 1D, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, D1, 1D, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, D2, 1D, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, D0, 1D, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, D1, 1D, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, D2, 1D, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, D3, 1D, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, BC, 2A, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, BF, 2A, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, BC, 2A, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, BD, 2A, 00] {TEST AL, 0xbd; SUB AL, [EAX]}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, BE, 2A, 00] {TEST AL, 0xbe; SUB AL, [EAX]}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, BD, 2A, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, BE, 2A, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, BC, 2A, 00] {TEST AL, 0xbc; SUB AL, [EAX]}
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, BD, 2A, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, BE, 2A, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, BF, 2A, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, F0, FA, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, F3, FA, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, F0, FA, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, F1, FA, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenProcessToken + 6 776F5D9E 4 Bytes CALL 76705894
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, F2, FA, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, F1, FA, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, F2, FA, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenThreadTokenEx + 6 776F5E2E 4 Bytes CALL 76705925
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, F0, FA, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtQueryFullAttributesFile + 6 776F5FEE 4 Bytes CALL 76705AE3
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, F1, FA, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, F2, FA, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, F3, FA, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 10, F4, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 13, F4, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 10, F4, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 11, F4, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtOpenProcessToken + 6 776F5D9E 4 Bytes CALL 767051B4
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 12, F4, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 11, F4, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 12, F4, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtOpenThreadTokenEx + 6 776F5E2E 4 Bytes CALL 76705245
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 10, F4, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtQueryFullAttributesFile + 6 776F5FEE 4 Bytes CALL 76705403
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 11, F4, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 12, F4, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 13, F4, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4152] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 98, 4E, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 9B, 4E, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 98, 4E, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 99, 4E, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 9A, 4E, 00]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2]
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 99, 4E, 00]
.text
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 9A, 4E, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 98, 4E, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 99, 4E, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 9A, 4E, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 9B, 4E, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 3C, 56, 00] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 3F, 56, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 3C, 56, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 3D, 56, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 3E, 56, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 3D, 56, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 3E, 56, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] 
ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 3C, 56, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 3D, 56, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 3E, 56, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 3F, 56, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4472] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 70, 90, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 73, 90, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenFile + 6 
776F5CDE 4 Bytes [68, 70, 90, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 71, 90, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 72, 90, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 71, 90, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 72, 90, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 70, 90, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 71, 90, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 72, 90, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 73, 90, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 38, FD, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 3B, FD, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 38, FD, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 39, FD, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenProcessToken + 6 776F5D9E 4 Bytes CALL 76705ADC .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 3A, FD, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 39, FD, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 3A, FD, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenThreadTokenEx + 6 776F5E2E 4 Bytes CALL 76705B6D .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 38, FD, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtQueryFullAttributesFile + 6 776F5FEE 4 Bytes CALL 76705D2B .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 39, FD, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 3A, FD, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 3B, FD, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, C8, 2D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, CB, 2D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, C8, 2D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, C9, 2D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, CA, 2D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, C9, 2D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, CA, 2D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, C8, 2D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, C9, 2D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, CA, 2D, 00] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, CB, 2D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, F8, 76, 00] {SUB AL, BH; JBE 0x4} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, FB, 76, 00] {SUB BL, BH; JBE 0x4} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, F8, 76, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, F9, 76, 00] {TEST AL, 0xf9; JBE 0x4} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, FA, 76, 00] {TEST AL, 0xfa; JBE 0x4} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtOpenProcessTokenEx + B 
776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, F9, 76, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, FA, 76, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, F8, 76, 00] {TEST AL, 0xf8; JBE 0x4} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, F9, 76, 00] {SUB CL, BH; JBE 0x4} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, FA, 76, 00] {SUB DL, BH; JBE 0x4} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, FB, 76, 00] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5360] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 24, 08, 01] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 27, 08, 01] {SUB [EDI], AH; OR [ECX], AL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 24, 08, 01] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 25, 08, 01] {TEST AL, 0x25; OR [ECX], AL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenProcessToken + 6 776F5D9E 4 Bytes CALL 767065C8 .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 26, 08, 01] {TEST AL, 0x26; OR [ECX], AL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 
25, 08, 01] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 26, 08, 01] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenThreadTokenEx + 6 776F5E2E 4 Bytes CALL 76706659 .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 24, 08, 01] {TEST AL, 0x24; OR [ECX], AL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtQueryFullAttributesFile + 6 776F5FEE 4 Bytes CALL 76706817 .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 25, 08, 01] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 26, 08, 01] {SUB [ESI], AH; OR [ECX], AL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] 
ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 27, 08, 01] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 24, 91, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 27, 91, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 24, 91, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 25, 91, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 26, 91, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 25, 91, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 26, 91, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 24, 91, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 25, 91, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 26, 91, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 27, 91, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 9C, 66, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 9F, 66, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 9C, 66, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 9D, 66, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 9E, 66, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 9D, 66, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 9E, 66, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] 
ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 9C, 66, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 9D, 66, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 9E, 66, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 9F, 66, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5928] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 8C, 4D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 8F, 4D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 8C, 4D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenFile + 
B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 8D, 4D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 8E, 4D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 8D, 4D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 8E, 4D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 8C, 4D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 8D, 4D, 00] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 8E, 4D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 8F, 4D, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 9C, 4A, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 9F, 4A, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 9C, 4A, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 9D, 4A, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 9E, 4A, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 9D, 4A, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 9E, 4A, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 9C, 4A, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 9D, 4A, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 9E, 4A, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 9F, 4A, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, A8, D2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, AB, D2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, A8, D2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, A9, D2, 00] {TEST AL, 0xa9; ROL BYTE [EAX], CL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtOpenProcessToken + 6 776F5D9E 4 Bytes CALL 7670304C .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, AA, D2, 00] {TEST AL, 0xaa; ROL BYTE [EAX], CL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] 
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, A9, D2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, AA, D2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtOpenThreadTokenEx + 6 776F5E2E 4 Bytes CALL 767030DD .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, A8, D2, 00] {TEST AL, 0xa8; ROL BYTE [EAX], CL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtQueryFullAttributesFile + 6 776F5FEE 4 Bytes CALL 7670329B .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, A9, D2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, AA, D2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtSetInformationThread + B 
776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, AB, D2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6792] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 10, 55, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 13, 55, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 10, 55, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 11, 55, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 12, 55, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 11, 55, 00] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 12, 55, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 10, 55, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 11, 55, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 12, 55, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 13, 55, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 40, 89, 00] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 43, 89, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 40, 89, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 41, 89, 00] {TEST AL, 0x41; MOV [EAX], EAX} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 42, 89, 00] {TEST AL, 0x42; MOV [EAX], EAX} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 41, 89, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 42, 89, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 40, 89, 00] {TEST AL, 0x40; MOV [EAX], EAX} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 41, 89, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 42, 89, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 43, 89, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, BC, C2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, BF, C2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] 
.text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, BC, C2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, BD, C2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtOpenProcessToken + 6 776F5D9E 4 Bytes CALL 76702060 .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, BE, C2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, BD, C2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, BE, C2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtOpenThreadTokenEx + 6 776F5E2E 4 Bytes CALL 767020F1 .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, BC, C2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtQueryFullAttributesFile + 6 776F5FEE 4 Bytes CALL 767022AF .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, BD, C2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, BE, C2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, BF, C2, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7136] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, D0, C0, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, D3, C0, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, D0, C0, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, D1, C0, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtOpenProcessToken + 6 776F5D9E 4 Bytes CALL 76701E74 .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, D2, C0, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, D1, C0, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, D2, C0, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtOpenThreadTokenEx + 6 776F5E2E 4 Bytes CALL 76701F05 .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, D0, C0, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtQueryFullAttributesFile + 6 776F5FEE 4 Bytes CALL 767020C3 .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, D1, C0, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, D2, C0, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, D3, C0, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7260] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 78, 63, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 7B, 63, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 78, 63, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 79, 63, 00] {TEST AL, 0x79; ARPL [EAX], AX} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 7A, 63, 00] {TEST AL, 0x7a; ARPL [EAX], AX} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 79, 63, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 7A, 63, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 78, 63, 00] {TEST AL, 0x78; ARPL [EAX], AX} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtQueryAttributesFile + B 
776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 79, 63, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 7A, 63, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 7B, 63, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7524] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, C0, 3B, 00] {SUB AL, AL; CMP EAX, [EAX]} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, C3, 3B, 00] {SUB BL, AL; CMP EAX, [EAX]} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, C0, 3B, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtOpenProcess + 
6 776F5D8E 4 Bytes [A8, C1, 3B, 00] {TEST AL, 0xc1; CMP EAX, [EAX]} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, C2, 3B, 00] {TEST AL, 0xc2; CMP EAX, [EAX]} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, C1, 3B, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, C2, 3B, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, C0, 3B, 00] {TEST AL, 0xc0; CMP EAX, [EAX]} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, C1, 3B, 00] {SUB CL, AL; CMP EAX, [EAX]} .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, C2, 3B, 00] {SUB DL, AL; CMP EAX, [EAX]} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, C3, 3B, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7592] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 0C, D5, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 0F, D5, 00] {SUB [EDI], CL; AAD 0x0} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 0C, D5, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 0D, D5, 00] {TEST AL, 0xd; AAD 0x0} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtOpenProcessToken + 6 776F5D9E 4 Bytes 
CALL 767032B0 .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 0E, D5, 00] {TEST AL, 0xe; AAD 0x0} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 0D, D5, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 0E, D5, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtOpenThreadTokenEx + 6 776F5E2E 4 Bytes CALL 76703341 .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 0C, D5, 00] {TEST AL, 0xc; AAD 0x0} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtQueryFullAttributesFile + 6 776F5FEE 4 Bytes CALL 767034FF .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtSetInformationFile 
+ 6 776F663E 4 Bytes [28, 0D, D5, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 0E, D5, 00] {SUB [ESI], CL; AAD 0x0} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 0F, D5, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7756] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, 80, 58, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, 83, 58, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, 80, 58, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, 81, 58, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, 82, 58, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, 81, 58, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, 82, 58, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, 80, 58, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, 81, 58, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, 82, 58, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, 83, 58, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7884] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, D4, 38, 00] {SUB AH, DL; CMP [EAX], AL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, D7, 38, 00] {SUB BH, DL; CMP [EAX], AL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, D4, 38, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, D5, 38, 00] {TEST AL, 0xd5; CMP [EAX], AL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, D6, 38, 00] {TEST AL, 0xd6; CMP [EAX], AL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] 
ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, D5, 38, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, D6, 38, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, D4, 38, 00] {TEST AL, 0xd4; CMP [EAX], AL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, D5, 38, 00] {SUB CH, DL; CMP [EAX], AL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, D6, 38, 00] {SUB DH, DL; CMP [EAX], AL} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, D7, 38, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[7964] ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtCreateFile + 6 776F55CE 4 Bytes [28, BC, C4, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtCreateFile + B 776F55D3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtMapViewOfSection + 6 776F5C2E 4 Bytes [28, BF, C4, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtMapViewOfSection + B 776F5C33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtOpenFile + 6 776F5CDE 4 Bytes [68, BC, C4, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtOpenFile + B 776F5CE3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtOpenProcess + 6 776F5D8E 4 Bytes [A8, BD, C4, 00] {TEST AL, 0xbd; LES EAX, DWORD [EAX]} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtOpenProcess + B 776F5D93 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtOpenProcessToken + 6 776F5D9E 4 Bytes CALL 76702260 .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtOpenProcessToken + B 776F5DA3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtOpenProcessTokenEx + 6 776F5DAE 4 Bytes [A8, BE, C4, 00] {TEST AL, 0xbe; LES EAX, DWORD [EAX]} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtOpenProcessTokenEx + B 776F5DB3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtOpenThread + 6 776F5E0E 4 Bytes [68, BD, C4, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtOpenThread + B 776F5E13 1 Byte [E2] .text 
C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtOpenThreadToken + 6 776F5E1E 4 Bytes [68, BE, C4, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtOpenThreadToken + B 776F5E23 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtOpenThreadTokenEx + 6 776F5E2E 4 Bytes CALL 767022F1 .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtOpenThreadTokenEx + B 776F5E33 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtQueryAttributesFile + 6 776F5F3E 4 Bytes [A8, BC, C4, 00] {TEST AL, 0xbc; LES EAX, DWORD [EAX]} .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtQueryAttributesFile + B 776F5F43 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtQueryFullAttributesFile + 6 776F5FEE 4 Bytes CALL 767024AF .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtQueryFullAttributesFile + B 776F5FF3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtSetInformationFile + 6 776F663E 4 Bytes [28, BD, C4, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtSetInformationFile + B 776F6643 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtSetInformationThread + 6 776F669E 4 Bytes [28, BE, C4, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtSetInformationThread + B 776F66A3 1 Byte [E2] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] ntdll.dll!NtUnmapViewOfSection + 6 776F69BE 4 Bytes [68, BF, C4, 00] .text C:\Users\PTYLLLO\AppData\Local\Google\Chrome\Application\chrome.exe[8136] 
ntdll.dll!NtUnmapViewOfSection + B 776F69C3 1 Byte [E2] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[2140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [721F24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [721D562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [721D56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [721F2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [721E85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [721E4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [721E5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [721E51DA] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [721E6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [721E8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [721E8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [721E90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [721EE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [721E4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice 
\Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Podw Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Podw@FormKeyword 0x48 0x50 0x5F 0x50 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Podw@ResourceNameID @hpzstw71.dll,6645 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Podw Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Podw@FormKeyword 0x48 0x50 0x5F 0x42 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Podw@ResourceNameID @hpzstw71.dll,6237 Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Podw (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Podw@FormKeyword 0x48 0x50 0x5F 0x50 ... Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Podw@ResourceNameID @hpzstw71.dll,6645 Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Podw (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Podw@FormKeyword 0x48 0x50 0x5F 0x42 ... 
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Podw@ResourceNameID @hpzstw71.dll,6237 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL Reg HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Otw Reg HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Otw Reg HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Otw@ C:\Program Files\CCleaner\ccleaner.exe ---- EOF - GMER 1.0.15 ----