GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-14 17:01:50
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000024 ST1000LM014-1EJ164 rev.LVD1 931,51GB
Running: tix7ilg6.exe; Driver: C:\Users\Lenovo\AppData\Local\Temp\kxlorpow.sys

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\atiesrxx.exe[868] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07]
.text C:\WINDOWS\system32\atiesrxx.exe[868] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07]
.text C:\WINDOWS\system32\atieclxx.exe[544] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07]
.text C:\WINDOWS\system32\atieclxx.exe[544] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07]
.text C:\WINDOWS\system32\BtwRSupportService.exe[1872] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007fb25f71532 4 bytes [F7, 25, FB, 07]
.text C:\WINDOWS\system32\BtwRSupportService.exe[1872] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007fb25f7153a 4 bytes [F7, 25, FB, 07]
.text C:\WINDOWS\system32\BtwRSupportService.exe[1872] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007fb25f7165a 4 bytes [F7, 25, FB, 07]
.text C:\WINDOWS\Explorer.EXE[2332] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb25f71532 4 bytes [F7, 25, FB, 07]
.text C:\WINDOWS\Explorer.EXE[2332] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb25f7153a 4 bytes [F7, 25, FB, 07]
.text C:\WINDOWS\Explorer.EXE[2332] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb25f7165a 4 bytes [F7, 25, FB, 07]
.text C:\WINDOWS\Explorer.EXE[2332] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07]
.text C:\WINDOWS\Explorer.EXE[2332] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2996] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb25f71532 4 bytes [F7, 25, FB, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2996] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb25f7153a 4 bytes [F7, 25, FB, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2996] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb25f7165a 4 bytes [F7, 25, FB, 07]
.text C:\Windows\RTFTrack.exe[3736] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb25f71532 4 bytes [F7, 25, FB, 07]
.text C:\Windows\RTFTrack.exe[3736] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb25f7153a 4 bytes [F7, 25, FB, 07]
.text C:\Windows\RTFTrack.exe[3736] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb25f7165a 4 bytes [F7, 25, FB, 07]
.text C:\Windows\System32\igfxpers.exe[3836] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07]
.text C:\Windows\System32\igfxpers.exe[3836] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07]
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4004] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb25f71532 4 bytes [F7, 25, FB, 07]
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4004] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb25f7153a 4 bytes [F7, 25, FB, 07]
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4004] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb25f7165a 4 bytes [F7, 25, FB, 07]
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4004] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07]
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4004] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07]
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4004] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb1c891b32 4 bytes [89, 1C, FB, 07]
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4004] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fb1c891b3a 4 bytes [89, 1C, FB, 07]
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3312] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb1c891b32 4 bytes [89, 1C, FB, 07]
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3312] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fb1c891b3a 4 bytes [89, 1C, FB, 07]
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3312] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb25f71532 4 bytes [F7, 25, FB, 07]
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3312] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb25f7153a 4 bytes [F7, 25, FB, 07]
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3312] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb25f7165a 4 bytes [F7, 25, FB, 07]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fb2e7f2de0 16 bytes [50, 48, B8, 30, 35, CC, 29, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4756] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4756] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fb2e7f2c30 6 bytes [50, 48, B8, 90, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread + 7 000007fb2e7f2c37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 000007fb2e7f2da0 6 bytes [50, 48, B8, E8, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken + 7 000007fb2e7f2da7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb2e7f2dc0 6 bytes [50, 48, B8, 64, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 7 000007fb2e7f2dc7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile + 7 000007fb2e7f2dd7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 7 000007fb2e7f2de7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fb2e7f2e00 6 bytes [50, 48, B8, B4, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 7 000007fb2e7f2e07 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000007fb2e7f2e50 6 bytes [50, 48, B8, 0C, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 7 000007fb2e7f2e57 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 7 000007fb2e7f2e67 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 000007fb2e7f2e90 6 bytes [50, 48, B8, F4, E8, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile + 7 000007fb2e7f2e97 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000007fb2e7f2f30 6 bytes [50, 48, B8, 3C, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 7 000007fb2e7f2f37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fb2e7f30b0 3 bytes [50, 48, B8]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 4 000007fb2e7f30b4 2 bytes [E7, 56]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 000007fb2e7f3c31 6 bytes [50, 48, B8, 88, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken + 7 000007fb2e7f3c38 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb2e7f3c81 6 bytes [50, 48, B8, C4, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread + 7 000007fb2e7f3c88 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000007fb2e7f3dd1 6 bytes [50, 48, B8, 50, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 7 000007fb2e7f3dd8 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[340] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fb2e7f2c30 6 bytes [50, 48, B8, 90, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread + 7 000007fb2e7f2c37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 000007fb2e7f2da0 6 bytes [50, 48, B8, E8, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken + 7 000007fb2e7f2da7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb2e7f2dc0 6 bytes [50, 48, B8, 64, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 7 000007fb2e7f2dc7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile + 7 000007fb2e7f2dd7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 7 000007fb2e7f2de7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fb2e7f2e00 6 bytes [50, 48, B8, B4, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 7 000007fb2e7f2e07 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000007fb2e7f2e50 6 bytes [50, 48, B8, 0C, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 7 000007fb2e7f2e57 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 7 000007fb2e7f2e67 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 000007fb2e7f2e90 6 bytes [50, 48, B8, F4, E8, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile + 7 000007fb2e7f2e97 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000007fb2e7f2f30 6 bytes [50, 48, B8, 3C, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 7 000007fb2e7f2f37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fb2e7f30b0 3 bytes [50, 48, B8]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 4 000007fb2e7f30b4 2 bytes [E7, 56]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 000007fb2e7f3c31 6 bytes [50, 48, B8, 88, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken + 7 000007fb2e7f3c38 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb2e7f3c81 6 bytes [50, 48, B8, C4, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread + 7 000007fb2e7f3c88 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000007fb2e7f3dd1 6 bytes [50, 48, B8, 50, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 7 000007fb2e7f3dd8 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fb2e7f2c30 6 bytes [50, 48, B8, 90, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread + 7 000007fb2e7f2c37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 000007fb2e7f2da0 6 bytes [50, 48, B8, E8, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken + 7 000007fb2e7f2da7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb2e7f2dc0 6 bytes [50, 48, B8, 64, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 7 000007fb2e7f2dc7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile + 7 000007fb2e7f2dd7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 7 000007fb2e7f2de7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fb2e7f2e00 6 bytes [50, 48, B8, B4, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 7 000007fb2e7f2e07 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000007fb2e7f2e50 6 bytes [50, 48, B8, 0C, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 7 000007fb2e7f2e57 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 7 000007fb2e7f2e67 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 000007fb2e7f2e90 6 bytes [50, 48, B8, F4, E8, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile + 7 000007fb2e7f2e97 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000007fb2e7f2f30 6 bytes [50, 48, B8, 3C, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 7 000007fb2e7f2f37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fb2e7f30b0 3 bytes [50, 48, B8]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 4 000007fb2e7f30b4 2 bytes [E7, 56]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 000007fb2e7f3c31 6 bytes [50, 48, B8, 88, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken + 7 000007fb2e7f3c38 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb2e7f3c81 6 bytes [50, 48, B8, C4, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread + 7 000007fb2e7f3c88 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000007fb2e7f3dd1 6 bytes [50, 48, B8, 50, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 7 000007fb2e7f3dd8 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fb2e7f2c30 6 bytes [50, 48, B8, 90, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread + 7 000007fb2e7f2c37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 000007fb2e7f2da0 6 bytes [50, 48, B8, E8, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken + 7 000007fb2e7f2da7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb2e7f2dc0 6 bytes [50, 48, B8, 64, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 7 000007fb2e7f2dc7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile + 7 000007fb2e7f2dd7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 7 000007fb2e7f2de7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fb2e7f2e00 6 bytes [50, 48, B8, B4, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 7 000007fb2e7f2e07 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000007fb2e7f2e50 6 bytes [50, 48, B8, 0C, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 7 000007fb2e7f2e57 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 7 000007fb2e7f2e67 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 000007fb2e7f2e90 6 bytes [50, 48, B8, F4, E8, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile + 7 000007fb2e7f2e97 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000007fb2e7f2f30 6 bytes [50, 48, B8, 3C, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 7 000007fb2e7f2f37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fb2e7f30b0 3 bytes [50, 48, B8]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 4 000007fb2e7f30b4 2 bytes [E7, 56]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 000007fb2e7f3c31 6 bytes [50, 48, B8, 88, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken + 7 000007fb2e7f3c38 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb2e7f3c81 6 bytes [50, 48, B8, C4, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread + 7 000007fb2e7f3c88 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000007fb2e7f3dd1 6 bytes [50, 48, B8, 50, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 7 000007fb2e7f3dd8 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fb2e7f2c30 6 bytes [50, 48, B8, 90, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread + 7 000007fb2e7f2c37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 000007fb2e7f2da0 6 bytes [50, 48, B8, E8, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken + 7 000007fb2e7f2da7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb2e7f2dc0 6 bytes [50, 48, B8, 64, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 7 000007fb2e7f2dc7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile + 7 000007fb2e7f2dd7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 7 000007fb2e7f2de7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fb2e7f2e00 6 bytes [50, 48, B8, B4, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 7 000007fb2e7f2e07 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000007fb2e7f2e50 6 bytes [50, 48, B8, 0C, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 7 000007fb2e7f2e57 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 7 000007fb2e7f2e67 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 000007fb2e7f2e90 6 bytes [50, 48, B8, F4, E8, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile + 7 000007fb2e7f2e97 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000007fb2e7f2f30 6 bytes [50, 48, B8, 3C, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 7 000007fb2e7f2f37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fb2e7f30b0 3 bytes [50, 48, B8]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 4 000007fb2e7f30b4 2 bytes [E7, 56]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 000007fb2e7f3c31 6 bytes [50, 48, B8, 88, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken + 7 000007fb2e7f3c38 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb2e7f3c81 6 bytes [50, 48, B8, C4, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread + 7 000007fb2e7f3c88 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000007fb2e7f3dd1 6 bytes [50, 48, B8, 50, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 7 000007fb2e7f3dd8 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fb2e7f2c30 6 bytes [50, 48, B8, 90, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread + 7 000007fb2e7f2c37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 000007fb2e7f2da0 6 bytes [50, 48, B8, E8, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken + 7 000007fb2e7f2da7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb2e7f2dc0 6 bytes [50, 48, B8, 64, E9, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 7 000007fb2e7f2dc7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile + 7 000007fb2e7f2dd7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 7 000007fb2e7f2de7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fb2e7f2e00 6 bytes [50, 48, B8, B4, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 7 000007fb2e7f2e07 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000007fb2e7f2e50 6 bytes [50, 48, B8, 0C, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 7 000007fb2e7f2e57 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 7 000007fb2e7f2e67 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 000007fb2e7f2e90 6 bytes [50, 48, B8, F4, E8, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile + 7 000007fb2e7f2e97 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000007fb2e7f2f30 6 bytes [50, 48, B8, 3C, EA, 56]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 7 000007fb2e7f2f37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fb2e7f30b0 3 bytes [50, 48, B8] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 4 000007fb2e7f30b4 2 bytes [E7, 56] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 000007fb2e7f3c31 6 bytes [50, 48, B8, 88, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken + 7 000007fb2e7f3c38 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb2e7f3c81 6 bytes [50, 48, B8, C4, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread + 7 000007fb2e7f3c88 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000007fb2e7f3dd1 6 bytes [50, 48, B8, 50, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 7 000007fb2e7f3dd8 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fb2e7f2c30 6 bytes [50, 48, B8, 90, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread + 7 000007fb2e7f2c37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 000007fb2e7f2da0 6 bytes [50, 48, B8, E8, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken + 7 000007fb2e7f2da7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb2e7f2dc0 6 bytes [50, 48, B8, 64, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 7 000007fb2e7f2dc7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile + 7 000007fb2e7f2dd7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 7 000007fb2e7f2de7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fb2e7f2e00 6 bytes [50, 48, B8, B4, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 7 000007fb2e7f2e07 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000007fb2e7f2e50 6 bytes [50, 48, B8, 0C, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 7 000007fb2e7f2e57 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 7 000007fb2e7f2e67 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 000007fb2e7f2e90 6 bytes [50, 48, B8, F4, E8, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile + 7 000007fb2e7f2e97 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000007fb2e7f2f30 6 bytes [50, 48, B8, 3C, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 7 000007fb2e7f2f37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fb2e7f30b0 3 bytes [50, 48, B8] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 4 000007fb2e7f30b4 2 bytes [E7, 56] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 000007fb2e7f3c31 6 bytes [50, 48, B8, 88, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken + 7 000007fb2e7f3c38 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb2e7f3c81 6 bytes [50, 48, B8, C4, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread + 7 000007fb2e7f3c88 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000007fb2e7f3dd1 6 bytes [50, 48, B8, 50, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 7 000007fb2e7f3dd8 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fb2e7f2c30 6 bytes [50, 48, B8, 90, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread + 7 000007fb2e7f2c37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 000007fb2e7f2da0 6 bytes [50, 48, B8, E8, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken + 7 000007fb2e7f2da7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb2e7f2dc0 6 bytes [50, 48, B8, 64, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 7 000007fb2e7f2dc7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile + 7 000007fb2e7f2dd7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 7 000007fb2e7f2de7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fb2e7f2e00 6 bytes [50, 48, B8, B4, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 7 000007fb2e7f2e07 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000007fb2e7f2e50 6 bytes [50, 48, B8, 0C, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 7 000007fb2e7f2e57 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 7 000007fb2e7f2e67 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 000007fb2e7f2e90 6 bytes [50, 48, B8, F4, E8, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile + 7 000007fb2e7f2e97 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000007fb2e7f2f30 6 bytes [50, 48, B8, 3C, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 7 000007fb2e7f2f37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fb2e7f30b0 3 bytes [50, 48, B8] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 4 000007fb2e7f30b4 2 bytes [E7, 56] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 000007fb2e7f3c31 6 bytes [50, 48, B8, 88, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken + 7 000007fb2e7f3c38 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb2e7f3c81 6 bytes [50, 48, B8, C4, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread + 7 000007fb2e7f3c88 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000007fb2e7f3dd1 6 bytes [50, 48, B8, 50, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 7 000007fb2e7f3dd8 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fb2e7f2c30 6 bytes [50, 48, B8, 90, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread + 7 000007fb2e7f2c37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 000007fb2e7f2da0 6 bytes [50, 48, B8, E8, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken + 7 000007fb2e7f2da7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb2e7f2dc0 6 bytes [50, 48, B8, 64, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 7 000007fb2e7f2dc7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile + 7 000007fb2e7f2dd7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 7 000007fb2e7f2de7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fb2e7f2e00 6 bytes [50, 48, B8, B4, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 7 000007fb2e7f2e07 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000007fb2e7f2e50 6 bytes [50, 48, B8, 0C, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 7 000007fb2e7f2e57 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 7 000007fb2e7f2e67 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 000007fb2e7f2e90 6 bytes [50, 48, B8, F4, E8, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile + 7 000007fb2e7f2e97 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000007fb2e7f2f30 6 bytes [50, 48, B8, 3C, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 7 000007fb2e7f2f37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fb2e7f30b0 3 bytes [50, 48, B8] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 4 000007fb2e7f30b4 2 bytes [E7, 56] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 000007fb2e7f3c31 6 bytes [50, 48, B8, 88, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken + 7 000007fb2e7f3c38 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb2e7f3c81 6 bytes [50, 48, B8, C4, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread + 7 000007fb2e7f3c88 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000007fb2e7f3dd1 6 bytes [50, 48, B8, 50, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 7 000007fb2e7f3dd8 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fb2e7f2c30 6 bytes [50, 48, B8, 90, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread + 7 000007fb2e7f2c37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 000007fb2e7f2da0 6 bytes [50, 48, B8, E8, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken + 7 000007fb2e7f2da7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb2e7f2dc0 6 bytes [50, 48, B8, 64, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 7 000007fb2e7f2dc7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile + 7 000007fb2e7f2dd7 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 7 000007fb2e7f2de7 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fb2e7f2e00 6 bytes [50, 48, B8, B4, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 7 000007fb2e7f2e07 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000007fb2e7f2e50 6 bytes [50, 48, B8, 0C, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 7 000007fb2e7f2e57 15 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 7 000007fb2e7f2e67 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 000007fb2e7f2e90 6 bytes [50, 48, B8, F4, E8, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile + 7 000007fb2e7f2e97 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000007fb2e7f2f30 6 bytes [50, 48, B8, 3C, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 7 000007fb2e7f2f37 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fb2e7f30b0 3 bytes [50, 48, B8] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 4 000007fb2e7f30b4 2 bytes [E7, 56] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 000007fb2e7f3c31 6 bytes [50, 48, B8, 88, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken + 7 000007fb2e7f3c38 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007fb2e7f3c81 6 bytes [50, 48, B8, C4, E9, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread + 7 000007fb2e7f3c88 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000007fb2e7f3dd1 6 bytes [50, 48, B8, 50, EA, 56] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 7 000007fb2e7f3dd8 9 bytes [F7, 07, 00, 00, 48, 89, 04, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2c03177a 4 bytes [03, 2C, FB, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2c031782 4 bytes [03, 2C, FB, 07] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!?terminate@@YAXXZ] [658b4c000002a385] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!_onexit] [b988558d48e8] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!__dllonexit] [15ff887d8948ff00] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!_unlock] [884d8b4800057dec] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!_lock] [6e0f66a8556e0f66] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [4d8948b0458bac5d] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!_initterm] [fd25b0fd18b48a0] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!_amsg_exit] [c8b49a8452bdb5b] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!_XcptFilter] [b4458bc86e0f6624] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!memset] [110ff3c05b0fc06e] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!wcsstr] [244c110ff3282444] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!_ui64tow] [8500057c7915ff20] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!malloc] [8244489410574c0] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!vswprintf_s] [48000001289f8b49] IAT C:\WINDOWS\Explorer.EXE[2332] @ 
C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!_vscwprintf] [68247c896824548d] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!memcmp] [7d2615ff084b8b48] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!memcpy] [43890374c0850005] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!_wcsicmp] [1289f8b4910] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!wcstok_s] [247c897024548d48] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!iswspace] [fd15ff084b8b4870] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!wcstol] [890374c08500057c] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!calloc] [748b44b45d8b1043] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!free] [5d2b7024748b6824] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!memmove_s] [60247c89ef8b44ac] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!memcpy_s] [3b44a87d2bb07d8b] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!_wsplitpath_s] [43297ff33b2d7ff7] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!_vsnwprintf] [44217fd73b76148d] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!wcscspn] [187fc33b4476048d] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!_CxxThrowException] [c22bfa8bcb8bc78b] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!__CxxFrameHandler3] [f8d1c22b99d88b41] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!ceilf] [39ebe88b44c82b41] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!logf] [6e0f66de6e0f4166] IAT C:\WINDOWS\Explorer.EXE[2332] @ 
C:\WINDOWS\system32\wpdshext.dll[msvcrt.dll!sqrtf] [db5b0fd66e0f66c7] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[SHLWAPI.dll!PathAddBackslashW] [10881c6c3800040] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[SHLWAPI.dll!PathAppendW] [ccccc3c033010000] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[SHLWAPI.dll!StrCmpIW] [187980cccccccc] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[SHLWAPI.dll!StrStrW] [c380004005b80675] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[SHLWAPI.dll!PathFindFileNameW] [ccccccccccc3c033] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[SHLWAPI.dll!StrFormatByteSizeW] [245c8948cccccccc] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[SHLWAPI.dll!StrCmpW] [798020ec83485710] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[SHLWAPI.dll!StrCmpLogicalW] [80004003b80775d2] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[SHLWAPI.dll!PathRemoveBlanksW] [648348018b4844eb] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[SHLWAPI.dll!AssocQueryKeyW] [3024548d48003024] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[SHLWAPI.dll!PathRemoveExtensionW] [30244c8b484050ff] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[SHLWAPI.dll!AssocCreate] [85480f79c085f88b] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[SHLWAPI.dll!PathFindExtensionW] [52ff118b480674c9] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[SHLWAPI.dll!StrCSpnW] [26e819ebc78b10] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!UnregisterClassA] [8b480674c9854803] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!DialogBoxParamW] [8b48c0331050ff01] IAT C:\WINDOWS\Explorer.EXE[2332] @ 
C:\WINDOWS\system32\wpdshext.dll[USER32.dll!InsertMenuW] [5f20c4834838245c] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!RemoveMenu] [ccccccccccccccc3] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetSubMenu] [8b4c20ec83485340] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!TrackPopupMenu] [30244c8948c933c9] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!SetFocus] [18b491974c9854d] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!SetForegroundWindow] [158d483024448d4c] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetForegroundWindow] [ffc98b49fff8c31c] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetShellWindow] [854830244c8b4810] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!LoadMenuW] [74c98548c3950fc9] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!DestroyMenu] [8a1052ff118b4806] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetMenuItemCount] [ccc35b20c48348c3] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!LoadStringW] [cccccccccccccccc] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!SetMenuDefaultItem] [c74840ec83485740] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!SendMessageW] [48fffffffe202444] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!SetWindowTextW] [80f98b4858245c89] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!SetDlgItemTextW] [4005b80a75001879] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!EndDialog] [8800000082e98000] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetDlgItem] 
[898b480000011891] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetWindowLongPtrW] [ff018b4800000110] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!SetWindowLongPtrW] [10cbf837850] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!IsDlgButtonChecked] [8d41c033455e7500] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!UnhookWindowsHookEx] [f61ae8cf8b480250] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!SendDlgItemMessageW] [5024648348ffff] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!CheckDlgButton] [cf8b485024548d48] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!EnableWindow] [c03345000006ffe8] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!ShowWindow] [f5fae8cf8b48d233] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetWindowLongW] [4850245c8b48ffff] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!SetWindowLongW] [88ee8cf8b48d38b] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetClientRect] [100a7830000] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetSystemMetrics] [59be8cf8b4800] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!LoadImageW] [480a74db85489000] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetParent] [1050ffcb8b48038b] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!IsChild] [24448b04ebc03390] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!CallNextHookEx] [834858245c8b4850] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!CreateWindowExW] [ccccccccc35f40c4] IAT C:\WINDOWS\Explorer.EXE[2332] @ 
C:\WINDOWS\system32\wpdshext.dll[USER32.dll!SetWindowPos] [187980cccccccc] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!SetWindowsHookExW] [c380004005b80675] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetDC] [c0330000011a9188] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!ReleaseDC] [ccccccccccccccc3] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetWindowRect] [5b8067500187980] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!ScreenToClient] [f0918948c3800040] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!SetTimer] [ccccc3c033000000] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!KillTimer] [187980cccccccc] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!PostMessageW] [c380004005b80675] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetDlgCtrlID] [bb8b81a74d285] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!DestroyIcon] [8300001388b84100] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetWindowTextW] [8189c0450f4102fa] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!CopyImage] [81c70aeb00000104] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetSysColor] [271000000104] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetCursorPos] [ccccccccccc3c033] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetClassInfoW] [7fffbffc25c01bd8] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!LoadCursorW] [ccccc38000400505] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!RegisterClassW] [75d28548cccccccc] IAT 
C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!FindWindowW] [80c380004003b806] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetWindow] [4005b80675001879] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetClassNameW] [b800228348c38000] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetWindowThreadProcessId] [ccccccc300000001] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!SendMessageTimeoutW] [75d28548cccccccc] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!SwitchToThisWindow] [80c380004003b806] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetLastActivePopup] [4005b80675001879] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!DestroyWindow] [c0330102c6c38000] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!RegisterClipboardFormatW] [ccccccccccccccc3] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[USER32.dll!GetMenuItemInfoW] [83485708245c8948] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdiplusShutdown] [ff118b480674c985] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdiplusStartup] [8b4827ebc38b1052] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipDrawImageRectRectI] [e8f84f8d48402454] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipSetInterpolationMode] [244c8b48000000c4] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipSetCompositingMode] [8b480674c9854838] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipCreateBitmapFromScan0] [5ebc0331050ff01] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipDrawPieI] 
[5c8b4880070057b8] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipFillPieI] [c35f20c483483024] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipDrawEllipseI] [cccccccccccccccc] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipCreateBitmapFromHBITMAP] [83485708245c8948] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipFree] [382464834820ec] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipAlloc] [8548f98b48ca8b4c] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipCloneImage] [8d4c028b486574d2] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipDisposeImage] [d876158d48382444] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipSaveImageToStream] [4810ffc98b49fff8] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipGetImageEncodersSize] [74c9854838244c8b] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipGetImageEncoders] [24548d48018b4847] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipCreateBitmapFromStream] [c085d88b1850ff40] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipGetImageWidth] [4838244c8b481479] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipGetImageHeight] [ff118b480674c985] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipGetImageGraphicsContext] [8b4827ebc38b1052] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipDeleteGraphics] [e8f84f8d48402454] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipCreateBitmapFromGraphics] [244c8b480000002c] IAT C:\WINDOWS\Explorer.EXE[2332] @ 
C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipDrawImageRect] [8b480674c9854838] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipCreateHBITMAPFromBitmap] [5ebc0331050ff01] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipCreateFromHDC] [5c8b4880070057b8] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipCreateSolidFill] [c35f20c483483024] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipDeleteBrush] [cccccccccccccccc] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipFillRectangleI] [57565518245c8948] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipCreatePen1] [5741564155415441] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipDeletePen] [ec8148d0246c8d48] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipSetSolidFillColor] [25058b4800000130] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipDrawLineI] [8948c433480004ad] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipDrawArcI] [898b48f98b4c2845] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipCreatePath] [48da8b48000000e8] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipDeletePath] [ffa8558d48985589] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipAddPathArcI] [49ff3300057a8b15] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipGetPathLastPoint] [840f00000128bf39] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipSetClipRectI] [a8458d4c000002c7] IAT C:\WINDOWS\Explorer.EXE[2332] @ C:\WINDOWS\system32\wpdshext.dll[gdiplus.dll!GdipFillEllipseI] [e8d38b48c04d8d48] IAT C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[3132] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fb6e4e0030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] @ C:\WINDOWS\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] @ C:\WINDOWS\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] @ C:\WINDOWS\system32\ole32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] @ 
C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3132] @ C:\WINDOWS\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fb003e5484] C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fb6e4e0030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] @ C:\WINDOWS\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] @ C:\WINDOWS\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] @ C:\WINDOWS\system32\ole32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[3996] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] @ C:\WINDOWS\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fb003e5484] C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fb6e4e0030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] @ C:\WINDOWS\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] @ C:\WINDOWS\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[2500] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] @ C:\WINDOWS\system32\ole32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2500] @ C:\WINDOWS\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fb003e5484] C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fb6e4e0030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] @ C:\WINDOWS\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[1808] @ C:\WINDOWS\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] @ C:\WINDOWS\system32\ole32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1808] @ C:\WINDOWS\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fb003e5484] C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fb6e4e0030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[3032] @ C:\WINDOWS\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] @ C:\WINDOWS\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] @ C:\WINDOWS\system32\ole32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3032] @ C:\WINDOWS\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fb003e5484] C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fb6e4e0030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[1016] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] @ C:\WINDOWS\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] @ C:\WINDOWS\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] @ C:\WINDOWS\system32\ole32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1016] @ C:\WINDOWS\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fb003e5484] C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fb6e4e0030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\system32\ole32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] @ 
C:\WINDOWS\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fb003e5484] C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fb6e4e0030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] @ C:\WINDOWS\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] @ C:\WINDOWS\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] @ C:\WINDOWS\system32\ole32.dll[USER32.dll!RegisterClassW] [7fb6da50030] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[GDI32.dll!GetStockObject] [7fb6e4e0070] IAT C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[4688] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6\COMCTL32.dll[USER32.dll!RegisterClassW] [7fb6da50030]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4688] @ C:\WINDOWS\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fb003e5484] C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1640] @ C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW] [7fb6dfa0030]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [540:564] fffff960008605e8
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2504:2508] 00000000004ee86e
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2504:2872] 0000000074ff304c
Thread C:\WINDOWS\SysWOW64\msiexec.exe [3828:3848] 000000007ed8392e
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3936:3956] 00000000008fa56e
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3936:3644] 0000000073ad97fe
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3936:2808] 000000006a6faec5
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3936:3040] 0000000074ff304c

---- Processes - GMER 2.1 ----

Process C:\Users\Lenovo\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [1620] (Microsoft® Volume Shadow Copy Service/Microsoft Corporation)(2015-06-23 10:32:02) 0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----