GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-01 19:43:34 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST1000DM003-1ER162 rev.CC45 931,51GB Running: phoc47h6.exe; Driver: C:\Users\ARTYST~1\AppData\Local\Temp\kgliiuog.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwReplaceKey + 1525 82E83B55 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBDBB2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtCreateFile + 6 77A056B6 4 Bytes [28, 04, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtCreateFile + B 77A056BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtMapViewOfSection + 6 77A05D16 4 Bytes [28, 07, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtMapViewOfSection + B 77A05D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenFile + 6 77A05DC6 4 Bytes [68, 04, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenFile + B 77A05DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcess + 6 77A05E76 4 Bytes [A8, 05, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcess + B 77A05E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcessToken + 6 77A05E86 4 Bytes CALL 76A12190 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcessToken + B 77A05E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcessTokenEx + 6 77A05E96 4 Bytes [A8, 06, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcessTokenEx + B 77A05E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThread + 6 77A05EF6 4 Bytes [68, 05, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThread + B 77A05EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThreadToken + 6 77A05F06 4 Bytes [68, 06, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThreadToken + B 77A05F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThreadTokenEx + 6 77A05F16 4 Bytes CALL 76A12221 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThreadTokenEx + B 77A05F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtQueryAttributesFile + 6 77A06026 4 Bytes [A8, 04, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtQueryAttributesFile + B 77A0602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtQueryFullAttributesFile + 6 77A060D6 4 Bytes CALL 76A123DF C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtQueryFullAttributesFile + B 77A060DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtSetInformationFile + 6 77A06726 4 Bytes [28, 05, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtSetInformationFile + B 77A0672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtSetInformationThread + 6 77A06786 4 Bytes [28, 06, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtSetInformationThread + B 77A0678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtUnmapViewOfSection + 6 77A06AA6 4 Bytes [68, 07, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtUnmapViewOfSection + B 77A06AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtCreateFile + 6 77A056B6 4 Bytes [28, 6C, 55, 00] {SUB [EBP+EDX*2+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtCreateFile + B 77A056BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtMapViewOfSection + 6 77A05D16 4 Bytes [28, 6F, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtMapViewOfSection + B 77A05D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenFile + 6 77A05DC6 4 Bytes [68, 6C, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenFile + B 77A05DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcess + 6 77A05E76 4 Bytes [A8, 6D, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcess + B 77A05E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessToken + 6 77A05E86 4 Bytes CALL 76A0B3F8 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessToken + B 77A05E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessTokenEx + 6 77A05E96 4 Bytes [A8, 6E, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessTokenEx + B 77A05E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThread + 6 77A05EF6 4 Bytes [68, 6D, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThread + B 77A05EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadToken + 6 77A05F06 4 Bytes [68, 6E, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadToken + B 77A05F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadTokenEx + 6 77A05F16 4 Bytes CALL 76A0B489 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadTokenEx + B 77A05F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryAttributesFile + 6 77A06026 4 Bytes [A8, 6C, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryAttributesFile + B 77A0602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryFullAttributesFile + 6 77A060D6 4 Bytes CALL 76A0B647 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryFullAttributesFile + B 77A060DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationFile + 6 77A06726 4 Bytes [28, 6D, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationFile + B 77A0672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationThread + 6 77A06786 4 Bytes [28, 6E, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationThread + B 77A0678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtUnmapViewOfSection + 6 77A06AA6 4 Bytes [68, 6F, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtUnmapViewOfSection + B 77A06AAB 1 Byte [E2] .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] ntdll.dll!NtCreateFile 77A056B0 5 Bytes JMP 60806E2C C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] ntdll.dll!NtFlushBuffersFile 77A05A40 5 Bytes JMP 60806CC7 C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] ntdll.dll!NtQueryFullAttributesFile 77A060D0 5 Bytes JMP 60806EAD C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] ntdll.dll!NtReadFile 77A063A0 5 Bytes JMP 60806BA3 C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] ntdll.dll!NtReadFileScatter 77A063B0 5 Bytes JMP 60806BEC C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] ntdll.dll!NtWriteFile 77A06B50 5 Bytes JMP 60806C35 C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] ntdll.dll!NtWriteFileGather 77A06B60 2 Bytes JMP 60806C7E C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] ntdll.dll!NtWriteFileGather + 3 77A06B63 2 Bytes [E0, E8] {LOOPNZ 0xffffffea} .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] ntdll.dll!LdrLoadDll 77A22576 4 Bytes JMP 64541F42 C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\mozglue.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 77B7952E 1 Byte [E9] .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 77B7952E 7 Bytes JMP 607CEEC3 C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] kernel32.dll!QueryPerformanceCounter + 13 77B7C535 7 Bytes JMP 607CEE7B C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] kernel32.dll!LoadAppInitDlls + 355 77B7F5F6 7 Bytes JMP 617AE562 C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] USER32.dll!GetWindowInfo 76154B5E 5 Bytes JMP 6118662C C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[3484] GDI32.dll!GetViewportOrgEx + 26C 76A3884B 7 Bytes JMP 607CEEEA C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtCreateFile + 6 77A056B6 4 Bytes [28, 9C, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtCreateFile + B 77A056BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtMapViewOfSection + 6 77A05D16 4 Bytes [28, 9F, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtMapViewOfSection + B 77A05D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenFile + 6 77A05DC6 4 Bytes [68, 9C, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenFile + B 77A05DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcess + 6 77A05E76 4 Bytes [A8, 9D, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcess + B 77A05E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcessToken + 6 77A05E86 4 Bytes CALL 76A12D28 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcessToken + B 77A05E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcessTokenEx + 6 77A05E96 4 Bytes [A8, 9E, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcessTokenEx + B 77A05E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThread + 6 77A05EF6 4 Bytes [68, 9D, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThread + B 77A05EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThreadToken + 6 77A05F06 4 Bytes [68, 9E, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThreadToken + B 77A05F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThreadTokenEx + 6 77A05F16 4 Bytes CALL 76A12DB9 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThreadTokenEx + B 77A05F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtQueryAttributesFile + 6 77A06026 4 Bytes [A8, 9C, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtQueryAttributesFile + B 77A0602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtQueryFullAttributesFile + 6 77A060D6 4 Bytes CALL 76A12F77 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtQueryFullAttributesFile + B 77A060DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtSetInformationFile + 6 77A06726 4 Bytes [28, 9D, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtSetInformationFile + B 77A0672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtSetInformationThread + 6 77A06786 4 Bytes [28, 9E, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtSetInformationThread + B 77A0678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtUnmapViewOfSection + 6 77A06AA6 4 Bytes [68, 9F, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtUnmapViewOfSection + B 77A06AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtCreateFile + 6 77A056B6 4 Bytes [28, 88, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtCreateFile + B 77A056BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtMapViewOfSection + 6 77A05D16 4 Bytes [28, 8B, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtMapViewOfSection + B 77A05D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenFile + 6 77A05DC6 4 Bytes [68, 88, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenFile + B 77A05DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenProcess + 6 77A05E76 4 Bytes [A8, 89, E6, 00] {TEST AL, 0x89; OUT 0x0, AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenProcess + B 77A05E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenProcessToken + 6 77A05E86 4 Bytes CALL 76A14514 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenProcessToken + B 77A05E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenProcessTokenEx + 6 77A05E96 4 Bytes [A8, 8A, E6, 00] {TEST AL, 0x8a; OUT 0x0, AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenProcessTokenEx + B 77A05E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenThread + 6 77A05EF6 4 Bytes [68, 89, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenThread + B 77A05EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenThreadToken + 6 77A05F06 4 Bytes [68, 8A, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenThreadToken + B 77A05F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenThreadTokenEx + 6 77A05F16 4 Bytes CALL 76A145A5 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenThreadTokenEx + B 77A05F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtQueryAttributesFile + 6 77A06026 4 Bytes [A8, 88, E6, 00] {TEST AL, 0x88; OUT 0x0, AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtQueryAttributesFile + B 77A0602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtQueryFullAttributesFile + 6 77A060D6 4 Bytes CALL 76A14763 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtQueryFullAttributesFile + B 77A060DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtSetInformationFile + 6 77A06726 4 Bytes [28, 89, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtSetInformationFile + B 77A0672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtSetInformationThread + 6 77A06786 4 Bytes [28, 8A, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtSetInformationThread + B 77A0678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtUnmapViewOfSection + 6 77A06AA6 4 Bytes [68, 8B, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtUnmapViewOfSection + B 77A06AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtCreateFile + 6 77A056B6 4 Bytes [28, 28, 34, 00] {SUB [EAX], CH; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtCreateFile + B 77A056BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtMapViewOfSection + 6 77A05D16 4 Bytes [28, 2B, 34, 00] {SUB [EBX], CH; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtMapViewOfSection + B 77A05D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenFile + 6 77A05DC6 4 Bytes [68, 28, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenFile + B 77A05DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcess + 6 77A05E76 4 Bytes [A8, 29, 34, 00] {TEST AL, 0x29; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcess + B 77A05E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcessToken + 6 77A05E86 4 Bytes CALL 76A092B4 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcessToken + B 77A05E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcessTokenEx + 6 77A05E96 4 Bytes [A8, 2A, 34, 00] {TEST AL, 0x2a; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcessTokenEx + B 77A05E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThread + 6 77A05EF6 4 Bytes [68, 29, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThread + B 77A05EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThreadToken + 6 77A05F06 4 Bytes [68, 2A, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThreadToken + B 77A05F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThreadTokenEx + 6 77A05F16 4 Bytes CALL 76A09345 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThreadTokenEx + B 77A05F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtQueryAttributesFile + 6 77A06026 4 Bytes [A8, 28, 34, 00] {TEST AL, 0x28; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtQueryAttributesFile + B 77A0602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtQueryFullAttributesFile + 6 77A060D6 4 Bytes CALL 76A09503 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtQueryFullAttributesFile + B 77A060DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtSetInformationFile + 6 77A06726 4 Bytes [28, 29, 34, 00] {SUB [ECX], CH; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtSetInformationFile + B 77A0672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtSetInformationThread + 6 77A06786 4 Bytes [28, 2A, 34, 00] {SUB [EDX], CH; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtSetInformationThread + B 77A0678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtUnmapViewOfSection + 6 77A06AA6 4 Bytes [68, 2B, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtUnmapViewOfSection + B 77A06AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtCreateFile + 6 77A056B6 4 Bytes [28, 94, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtCreateFile + B 77A056BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtMapViewOfSection + 6 77A05D16 4 Bytes [28, 97, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtMapViewOfSection + B 77A05D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenFile + 6 77A05DC6 4 Bytes [68, 94, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenFile + B 77A05DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenProcess + 6 77A05E76 4 Bytes [A8, 95, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenProcess + B 77A05E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenProcessToken + 6 77A05E86 4 Bytes CALL 76A10B20 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenProcessToken + B 77A05E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenProcessTokenEx + 6 77A05E96 4 Bytes [A8, 96, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenProcessTokenEx + B 77A05E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenThread + 6 77A05EF6 4 Bytes [68, 95, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenThread + B 77A05EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenThreadToken + 6 77A05F06 4 Bytes [68, 96, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenThreadToken + B 77A05F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenThreadTokenEx + 6 77A05F16 4 Bytes CALL 76A10BB1 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenThreadTokenEx + B 77A05F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtQueryAttributesFile + 6 77A06026 4 Bytes [A8, 94, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtQueryAttributesFile + B 77A0602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtQueryFullAttributesFile + 6 77A060D6 4 Bytes CALL 76A10D6F C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtQueryFullAttributesFile + B 77A060DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtSetInformationFile + 6 77A06726 4 Bytes [28, 95, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtSetInformationFile + B 77A0672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtSetInformationThread + 6 77A06786 4 Bytes [28, 96, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtSetInformationThread + B 77A0678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtUnmapViewOfSection + 6 77A06AA6 4 Bytes [68, 97, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtUnmapViewOfSection + B 77A06AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtMapViewOfSection + 6 77A05D16 4 Bytes [18, 20, DB, 77] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtMapViewOfSection + B 77A05D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtCreateFile + 6 77A056B6 4 Bytes [28, CC, 21, 00] {SUB AH, CL; AND [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtCreateFile + B 77A056BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtMapViewOfSection + 6 77A05D16 4 Bytes [28, CF, 21, 00] {SUB BH, CL; AND [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtMapViewOfSection + B 77A05D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenFile + 6 77A05DC6 4 Bytes [68, CC, 21, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenFile + B 77A05DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcess + 6 77A05E76 4 Bytes [A8, CD, 21, 00] {TEST AL, 0xcd; AND [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcess + B 77A05E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessToken + 6 77A05E86 4 Bytes CALL 76A08058 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessToken + B 77A05E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessTokenEx + 6 77A05E96 4 Bytes [A8, CE, 21, 00] {TEST AL, 0xce; AND [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessTokenEx + B 77A05E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThread + 6 77A05EF6 4 Bytes [68, CD, 21, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThread + B 77A05EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadToken + 6 77A05F06 4 Bytes [68, CE, 21, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadToken + B 77A05F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadTokenEx + 6 77A05F16 4 Bytes CALL 76A080E9 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadTokenEx + B 77A05F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryAttributesFile + 6 77A06026 4 Bytes [A8, CC, 21, 00] {TEST AL, 0xcc; AND [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryAttributesFile + B 77A0602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryFullAttributesFile + 6 77A060D6 4 Bytes CALL 76A082A7 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryFullAttributesFile + B 77A060DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationFile + 6 77A06726 4 Bytes [28, CD, 21, 00] {SUB CH, CL; AND [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationFile + B 77A0672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationThread + 6 77A06786 4 Bytes [28, CE, 21, 00] {SUB DH, CL; AND [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationThread + B 77A0678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtUnmapViewOfSection + 6 77A06AA6 4 Bytes [68, CF, 21, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtUnmapViewOfSection + B 77A06AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtCreateFile + 6 77A056B6 4 Bytes [28, 0C, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtCreateFile + B 77A056BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtMapViewOfSection + 6 77A05D16 4 Bytes [28, 0F, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtMapViewOfSection + B 77A05D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenFile + 6 77A05DC6 4 Bytes [68, 0C, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenFile + B 77A05DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenProcess + 6 77A05E76 4 Bytes [A8, 0D, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenProcess + B 77A05E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenProcessToken + 6 77A05E86 4 Bytes CALL 76A0AE98 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenProcessToken + B 77A05E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenProcessTokenEx + 6 77A05E96 4 Bytes [A8, 0E, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenProcessTokenEx + B 77A05E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenThread + 6 77A05EF6 4 Bytes [68, 0D, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenThread + B 77A05EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenThreadToken + 6 77A05F06 4 Bytes [68, 0E, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenThreadToken + B 77A05F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenThreadTokenEx + 6 77A05F16 4 Bytes CALL 76A0AF29 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtOpenThreadTokenEx + B 77A05F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtQueryAttributesFile + 6 77A06026 4 Bytes [A8, 0C, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtQueryAttributesFile + B 77A0602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtQueryFullAttributesFile + 6 77A060D6 4 Bytes CALL 76A0B0E7 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtQueryFullAttributesFile + B 77A060DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtSetInformationFile + 6 77A06726 4 Bytes [28, 0D, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtSetInformationFile + B 77A0672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtSetInformationThread + 6 77A06786 4 Bytes [28, 0E, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtSetInformationThread + B 77A0678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtUnmapViewOfSection + 6 77A06AA6 4 Bytes [68, 0F, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5864] ntdll.dll!NtUnmapViewOfSection + B 77A06AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtCreateFile + 6 77A056B6 4 Bytes [28, 94, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtCreateFile + B 77A056BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtMapViewOfSection + 6 77A05D16 4 Bytes [28, 97, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtMapViewOfSection + B 77A05D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenFile + 6 77A05DC6 4 Bytes [68, 94, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenFile + B 77A05DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenProcess + 6 77A05E76 4 Bytes [A8, 95, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenProcess + B 77A05E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenProcessToken + 6 77A05E86 4 Bytes CALL 76A0A620 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenProcessToken + B 77A05E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenProcessTokenEx + 6 77A05E96 4 Bytes [A8, 96, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenProcessTokenEx + B 77A05E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenThread + 6 77A05EF6 4 Bytes [68, 95, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenThread + B 77A05EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenThreadToken + 6 77A05F06 4 Bytes [68, 96, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenThreadToken + B 77A05F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenThreadTokenEx + 6 77A05F16 4 Bytes CALL 76A0A6B1 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenThreadTokenEx + B 77A05F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtQueryAttributesFile + 6 77A06026 4 Bytes [A8, 94, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtQueryAttributesFile + B 77A0602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtQueryFullAttributesFile + 6 77A060D6 4 Bytes CALL 76A0A86F C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtQueryFullAttributesFile + B 77A060DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtSetInformationFile + 6 77A06726 4 Bytes [28, 95, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtSetInformationFile + B 77A0672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtSetInformationThread + 6 77A06786 4 Bytes [28, 96, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtSetInformationThread + B 77A0678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtUnmapViewOfSection + 6 77A06AA6 4 Bytes [68, 97, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtUnmapViewOfSection + B 77A06AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtCreateFile + 6 77A056B6 4 Bytes [28, 8C, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtCreateFile + B 77A056BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtMapViewOfSection + 6 77A05D16 4 Bytes [28, 8F, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtMapViewOfSection + B 77A05D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenFile + 6 77A05DC6 4 Bytes [68, 8C, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenFile + B 77A05DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenProcess + 6 77A05E76 4 Bytes [A8, 8D, E6, 00] {TEST AL, 0x8d; OUT 0x0, AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenProcess + B 77A05E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenProcessToken + 6 77A05E86 4 Bytes CALL 76A14518 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenProcessToken + B 77A05E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenProcessTokenEx + 6 77A05E96 4 Bytes [A8, 8E, E6, 00] {TEST AL, 0x8e; OUT 0x0, AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenProcessTokenEx + B 77A05E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenThread + 6 77A05EF6 4 Bytes [68, 8D, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenThread + B 77A05EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenThreadToken + 6 77A05F06 4 Bytes [68, 8E, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenThreadToken + B 77A05F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenThreadTokenEx + 6 77A05F16 4 Bytes CALL 76A145A9 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenThreadTokenEx + B 77A05F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtQueryAttributesFile + 6 77A06026 4 Bytes [A8, 8C, E6, 00] {TEST AL, 0x8c; OUT 0x0, AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtQueryAttributesFile + B 77A0602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtQueryFullAttributesFile + 6 77A060D6 4 Bytes CALL 76A14767 C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtQueryFullAttributesFile + B 77A060DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtSetInformationFile + 6 77A06726 4 Bytes [28, 8D, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtSetInformationFile + B 77A0672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtSetInformationThread + 6 77A06786 4 Bytes [28, 8E, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtSetInformationThread + B 77A0678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtUnmapViewOfSection + 6 77A06AA6 4 Bytes [68, 8F, E6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtUnmapViewOfSection + B 77A06AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtCreateFile + 6 77A056B6 4 Bytes [28, 60, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtCreateFile + B 77A056BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtMapViewOfSection + 6 77A05D16 4 Bytes [28, 63, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtMapViewOfSection + B 77A05D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenFile + 6 77A05DC6 4 Bytes [68, 60, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenFile + B 77A05DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenProcess + 6 77A05E76 4 Bytes [A8, 61, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenProcess + B 77A05E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenProcessToken + 6 77A05E86 4 Bytes CALL 76A06BEC C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenProcessToken + B 77A05E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenProcessTokenEx + 6 77A05E96 4 Bytes [A8, 62, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenProcessTokenEx + B 77A05E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenThread + 6 77A05EF6 4 Bytes [68, 61, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenThread + B 77A05EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenThreadToken + 6 77A05F06 4 Bytes [68, 62, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenThreadToken + B 77A05F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenThreadTokenEx + 6 77A05F16 4 Bytes CALL 76A06C7D C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenThreadTokenEx + B 77A05F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtQueryAttributesFile + 6 77A06026 4 Bytes [A8, 60, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtQueryAttributesFile + B 77A0602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtQueryFullAttributesFile + 6 77A060D6 4 Bytes CALL 76A06E3B C:\Windows\system32\OLEAUT32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtQueryFullAttributesFile + B 77A060DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtSetInformationFile + 6 77A06726 4 Bytes [28, 61, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtSetInformationFile + B 77A0672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtSetInformationThread + 6 77A06786 4 Bytes [28, 62, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtSetInformationThread + B 77A0678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtUnmapViewOfSection + 6 77A06AA6 4 Bytes [68, 63, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtUnmapViewOfSection + B 77A06AAB 1 Byte [E2] ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hi-Rez Studios\HiPatchService.exe 0xC8 0x18 0xE4 0xF8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xBC 0x83 0xD5 0xA5 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe 0xAF 0xC2 0xEA 0x7C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hi-Rez Studios\HirezLauncherUI.exe 0xDB 0x1C 0x2E 0x7E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0xC5 0x6E 0xC3 0x9C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0x13 0x54 0x87 0x9F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Master\EasyClicker\EasyClicker Pro 1.3v.exe 0x63 0xA0 0x69 0xE2 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\artystav2\AppData\Roaming\Riot Games\League of Legends\prerequisites\DXSETUP.exe 0x86 0xD2 0x82 0x29 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\_CommonRedist\DirectX\Jun2010\DXSETUP.exe 0x55 0xCC 0x87 0x33 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\CdRom0\DirectX\DXSETUP.exe 0x0D 0x5F 0x8B 0xB7 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\hh.exe 0x9A 0x34 0x22 0xE9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hi-Rez Studios\HiPatchSelfUpdateWindow.exe 0xC5 0xE7 0x66 0x26 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\directx_installer\dxsetup.exe 0x6C 0x91 0x5E 0x05 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\artystav2\Desktop\osu!install.exe 0xC1 0xBF 0x15 0xCF ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\artystav2\AppData\Local\osu!\osu!.exe 0xDD 0xBB 0x4B 0x6C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\artystav2\Desktop\FRST.exe 0xB3 0x24 0xFA 0x6E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe 0xAB 0xCF 0xE0 0xB8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\MSI\MSITrigger\MSI_Trigger_Service.exe 0xE2 0x9C 0xC8 0xF9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Razer\RzWizard\RzWizardService.exe 0x00 0x8D 0x14 0x15 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x43 0x15 0x24 0xA3 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Razer\Razer Services\GSS\GameScannerService.exe 0x8D 0xF3 0x3B 0xFB ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Razer\Synapse\RzSynapse.exe 0x20 0x52 0xF4 0xFC ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe 0xFE 0x87 0x11 0x0C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTModernUI.exe 0x2B 0x98 0xBE 0x5D ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0xDB 0x06 0x4A 0xB2 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0x46 0x71 0x5B 0xCD ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\artystav2\Desktop\LeagueofLegends_EUNE_Installer_9_15_2014.exe 0x29 0x9E 0x03 0x02 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe 0x34 0xEC 0x64 0xBE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_option1.exe 0x75 0xCE 0xCE 0x74 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_option2.exe 0x2E 0x8A 0x8F 0xE9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\artystav2\Desktop\FortiClientInstaller.exe 0x34 0x2B 0x9D 0xD8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\artystav2\AppData\Local\osu!\osu!.exe 0x95 0x13 0x03 0xA5 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\artystav2\Desktop\FRST.exe 0xB8 0x3B 0x33 0x72 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\artystav2\Desktop\phoc47h6.exe 0x85 0x02 0x55 0x11 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\ProgramData\Razer\Synapse\RzStats\RzStats.exe 0x04 0xEA 0x94 0x60 ... ---- EOF - GMER 2.1 ----