GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-03 21:27:28 Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\0000003b Crucial_CT480M500SSD1 rev.MU03 447,13GB Running: GMER.exe; Driver: C:\Users\User\AppData\Local\Temp\awrdipob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, 61, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, 61, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, 61, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, 87, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, 87, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, 87, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, 87, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, 87, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4176] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, 07, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, 07, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, 07, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, F2, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, F2, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, F2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, F2, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[5196] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, 97, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, 97, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, 97, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, 9B, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, 9B, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, 9B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, 9B, 00, 00, 00, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, 9B, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe[6216] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, 1C, 00, 00, 00, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe[6888] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, 1C, 00, 00, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, 1C, 00, 00, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, 1C, 00, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, 1C, 00, 00, 00, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, 1C, 00, 00, 00, 00, 00] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[7072] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, A4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, A4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, A4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, EA, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, EA, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, EA, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, EA, 00, 00, 00, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, EA, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[7492] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, 5A, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, 5A, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, 5A, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, 0E, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, 0E, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, 0E, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, 0E, 01, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, 0E, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7356] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, 7B, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, 7B, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, 7B, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, 96, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, 96, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, 96, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, 96, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, 96, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7480] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, 6E, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, 6E, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, 6E, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, B5, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, B5, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, B5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, B5, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, B5, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, 56, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, 56, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, 56, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, C7, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, C7, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, C7, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, C7, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, C7, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3704] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, 05, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, 05, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, 05, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, 7E, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, 7E, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, 7E, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, 7E, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, D5, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, D5, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, D5, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, C8, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, C8, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, C8, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, C8, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, C8, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4844] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, ED, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, ED, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, ED, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, 8B, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, 8B, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, 8B, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, 8B, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, 8B, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1412] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, 22, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, 22, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, 22, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, 15, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, 15, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, 15, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, 15, 01, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, 15, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes JMP 00007ffb90650450 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes JMP 00007ffb90650440 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes JMP 00007ffb90650360 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes JMP 00007ffb90650460 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes JMP 00007ffb906503d0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes JMP 00007ffb90650310 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes JMP 00007ffb906503a0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes JMP 00007ffb90650380 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes JMP 00007ffb906502d0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes JMP 00007ffb906502c0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 1 byte JMP 00007ffb90650300 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 00007ffb10521672 3 bytes {JMP 0xffffffff8012ec90} .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes JMP 00007ffb906503b0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes JMP 00007ffb906503e0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes JMP 00007ffb90650220 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes JMP 00007ffb90650470 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes JMP 00007ffb90650390 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes JMP 00007ffb906502e0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes JMP 00007ffb90650340 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes JMP 00007ffb90650280 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes JMP 00007ffb906502a0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes JMP 00007ffb906503c0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes JMP 00007ffb90650320 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes JMP 00007ffb90650400 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes JMP 00007ffb90650230 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes JMP 00007ffb906501d0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 1 byte JMP 00007ffb90650240 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00007ffb105221b2 3 bytes {JMP 0xffffffff8012e090} .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 5 bytes JMP 00007ffb90650480 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 5 bytes JMP 00007ffb90650490 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 5 bytes JMP 00007ffb906502f0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 5 bytes JMP 00007ffb90650350 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 5 bytes JMP 00007ffb90650290 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 5 bytes JMP 00007ffb906502b0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 5 bytes JMP 00007ffb90650370 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 5 bytes JMP 00007ffb90650330 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 5 bytes JMP 00007ffb90650430 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 5 bytes JMP 00007ffb90650250 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 5 bytes JMP 00007ffb90650260 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 1 byte JMP 00007ffb906503f0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00007ffb10522862 3 bytes {JMP 0xffffffff8012db90} .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 5 bytes JMP 00007ffb906501e0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 5 bytes JMP 00007ffb90650200 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 5 bytes JMP 00007ffb906501f0 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 5 bytes JMP 00007ffb90650410 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 5 bytes JMP 00007ffb90650420 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 5 bytes JMP 00007ffb90650210 .text C:\Windows\system32\AUDIODG.EXE[4048] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 5 bytes JMP 00007ffb90650270 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, 32, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, 32, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, 32, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, 64, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, 64, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, 64, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, 64, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, 64, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7668] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, B8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, B8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, B8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffb10521280 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 00007ffb10521286 8 bytes [50, 04, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7b63e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffb105212d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 6 00007ffb105212d6 8 bytes [40, 04, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7b525]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffb10521430 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 6 00007ffb10521436 8 bytes [60, 03, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7bca7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffb10521480 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 00007ffb10521486 8 bytes [60, 04, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffb10521490 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 00007ffb10521496 8 bytes [D0, 03, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffb10521540 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 6 00007ffb10521546 8 bytes [10, 03, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 00007ffb10521576 8 bytes [A0, 03, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffb10521590 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 00007ffb10521596 8 bytes [80, 03, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffb105215d0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 6 00007ffb105215d6 8 bytes [D0, 02, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7bcc2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffb10521650 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 6 00007ffb10521656 8 bytes [C0, 02, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffb10521670 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 00007ffb10521677 7 bytes [03, BF, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffb105216b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 6 00007ffb105216b6 8 bytes [B0, 03, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffb10521700 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 6 00007ffb10521706 8 bytes [E0, 03, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffb10521860 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 00007ffb10521866 8 bytes [20, 02, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffb10521a50 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 00007ffb10521a56 8 bytes [70, 04, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffb10521a80 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 00007ffb10521a86 8 bytes [90, 03, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffb10521ba0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 00007ffb10521ba6 8 bytes [E0, 02, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffb10521bc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 00007ffb10521bc6 8 bytes [40, 03, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffb10521c30 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 6 00007ffb10521c36 8 bytes [80, 02, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffb10521cc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 00007ffb10521cc6 8 bytes [A0, 02, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 00007ffb10521ce6 8 bytes [C0, 03, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffb10521cf0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 6 00007ffb10521cf6 8 bytes [20, 03, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffb10521da0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 7 00007ffb10521da7 7 bytes [04, BF, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffb10521dd0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 00007ffb10521dd6 8 bytes [30, 02, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c088]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffb105220f0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 6 00007ffb105220f6 8 bytes [D0, 01, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffb105221b0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 00007ffb105221b6 8 bytes [40, 02, BF, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffb105221e0 4 bytes [FF, 25, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 5 00007ffb105221e5 9 bytes [00, 80, 04, BF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffb105221f0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffb10522220 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffb10522230 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffb10522290 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffb105222e0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffb10522310 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffb10522320 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffb10522630 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffb10522830 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffb10522840 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffb10522a40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffb10522a50 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 7 00007ffb10522a57 7 bytes [02, BF, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffb10522ae0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffb10522b50 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffb10522b60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffb10522b70 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffb10522c80 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4504] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb104a4b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb104a4f3c 8 bytes [60, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb104a5216 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb104a540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb104a57af 8 bytes [30, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb104a5964 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb104a5f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb104a5f5e 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...] .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb105212a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb10521420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb10521450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb10521570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb10521620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb10521ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb10521fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb10522860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Desktop\Sprzątanie\GMER.exe[7644] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[5412] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtAlpcConnectPortEx] [77274d70] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\prremote.dll ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [808:832] fffff960009022d0 Thread C:\Windows\SYSTEM32\ntdll.dll [1744:1748] 0000000001341b2b Thread C:\Windows\SYSTEM32\ntdll.dll [1744:2980] 00000000726fc640 Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3116] 000000006cf27b0f Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3120] 000000006cf27b0f Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3124] 000000006cf27b0f Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3184] 000000006cd903b0 Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3204] 000000006cf27b0f Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3208] 000000006cf27b0f Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3216] 000000006ab57310 Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3220] 000000006ab57310 Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3224] 000000006abf1130 Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3232] 000000006ab29b70 Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3956] 0000000073a9cf40 Thread C:\Windows\SYSTEM32\ntdll.dll [1744:2780] 0000000050392ece Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3488] 0000000050392ece Thread C:\Windows\SYSTEM32\ntdll.dll [1744:2120] 000000006cf27b0f Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3564] 000000006cf27b0f Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3552] 0000000050392ece Thread C:\Windows\SYSTEM32\ntdll.dll [1744:3568] 0000000050392ece Thread C:\Windows\SysWOW64\rundll32.exe [5464:5892] 0000000077a8d7e0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk1\DR1 unknown MBR code ---- EOF - GMER 2.1 ----