GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-09 22:57:19 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c Samsung_SSD_850_EVO_mSATA_500GB rev.EMT41B6Q 465,76GB Running: kxmg03lg.exe; Driver: C:\Users\S8EF9~1.KOP\AppData\Local\Temp\uxldapog.sys ---- User code sections - GMER 2.2 ---- .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, BC, 7E, 00, 00, 00, ...] .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, BC, 7E, 00, 00, 00, ...] .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, BC, 7E, 00, 00, 00, ...] .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, BC, 7E, 00, 00, 00, ...] .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, BC, 7E, 00, 00, 00, ...] .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\s.kopertowski\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7924] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\SYSTEM32\iertutil.dll [7924] entry point in ".rdata" section 000000006e55caf0 ? C:\Windows\SYSTEM32\NTASN1.dll [7924] entry point in ".rdata" section 000000006d35bb10 .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, 71, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, 71, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, 71, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, 71, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, 71, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE[5128] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\SYSTEM32\d3d10_1.dll [5128] entry point in ".rdata" section 00000000675624b0 ? C:\Windows\SYSTEM32\NTASN1.dll [5128] entry point in ".rdata" section 000000006d35bb10 ? C:\Windows\SYSTEM32\iertutil.dll [5128] entry point in ".rdata" section 000000006e55caf0 ? C:\Windows\system32\apphelp.dll [9184] entry point in ".rdata" section 000000006db30380 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, FE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, FE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, FE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, FE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, FE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4148] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [4148] entry point in ".rdata" section 000000006db30380 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, 4B, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, 4B, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, 4B, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, 4B, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, 4B, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3264] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\wbem\wbemsvc.dll [3264] entry point in ".rdata" section 0000000069fd8fa0 ? C:\Windows\SYSTEM32\iertutil.dll [3264] entry point in ".rdata" section 000000006e55caf0 ? C:\Windows\SYSTEM32\ActXPrxy.dll [3264] entry point in ".rdata" section 000000006decbc40 ? C:\Windows\SYSTEM32\apphelp.dll [3264] entry point in ".rdata" section 000000006db30380 ? C:\Windows\system32\mssprxy.dll [3264] entry point in ".rdata" section 0000000056f0a4e0 ? C:\Windows\SYSTEM32\NTASN1.dll [3264] entry point in ".rdata" section 000000006d35bb10 ? C:\Windows\SYSTEM32\srpapi.dll [3264] entry point in ".rdata" section 0000000062982a90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, A6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, A6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, A6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, A6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, A6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10084] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [10084] entry point in ".rdata" section 000000006db30380 ? C:\Windows\SYSTEM32\iertutil.dll [10084] entry point in ".rdata" section 000000006e55caf0 ? C:\Windows\system32\mssprxy.dll [10084] entry point in ".rdata" section 0000000056f0a4e0 ? C:\Windows\SYSTEM32\ActXPrxy.dll [10084] entry point in ".rdata" section 000000006decbc40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, 9D, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, 9D, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, 9D, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, 9D, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, 9D, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1544] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [1544] entry point in ".rdata" section 000000006db30380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, 48, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, 48, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, 48, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, 48, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, 48, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9040] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [9040] entry point in ".rdata" section 000000006db30380 ? C:\Windows\SYSTEM32\NTASN1.dll [9040] entry point in ".rdata" section 000000006d35bb10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, AD, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, AD, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, AD, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, AD, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, AD, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6916] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [6916] entry point in ".rdata" section 000000006db30380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, 05, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, 05, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, 05, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, 05, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, 05, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8648] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [8648] entry point in ".rdata" section 000000006db30380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, F3, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, F3, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, F3, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, F3, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, F3, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [7504] entry point in ".rdata" section 000000006db30380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, 7F, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, 7F, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, 7F, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, 7F, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, 7F, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [7160] entry point in ".rdata" section 000000006db30380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, 53, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, 53, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, 53, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, 53, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, 53, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9716] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [9716] entry point in ".rdata" section 000000006db30380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, C7, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, C7, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, C7, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, C7, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, C7, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8400] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [8400] entry point in ".rdata" section 000000006db30380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, A9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, A9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, A9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, A9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, A9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[964] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [964] entry point in ".rdata" section 000000006db30380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, 41, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, 41, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, 41, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, 41, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, 41, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7620] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [7620] entry point in ".rdata" section 000000006db30380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, 24, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, 24, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, 24, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, 24, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, 24, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [6776] entry point in ".rdata" section 000000006db30380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, 1F, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, 1F, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, 1F, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, 1F, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, 1F, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6528] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [6528] entry point in ".rdata" section 000000006db30380 .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlRealPredecessor + 68 00007ffb6d5713b4 8 bytes {JMP 0xffffffffffffffd0} .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffb6d57148f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 436 00007ffb6d571654 8 bytes [A0, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlpMergeSecurityAttributeInformation + 677 00007ffb6d571745 8 bytes [90, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 248 00007ffb6d571848 8 bytes [80, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 944 00007ffb6d571b00 8 bytes [70, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlUnlockModuleSection + 487 00007ffb6d572327 8 bytes [40, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffb6d57243f 8 bytes {JMP 0xffffffffffffffec} .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb6d615260 8 bytes {JMP QWORD [RIP-0xa3766]} .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb6d615560 8 bytes {JMP QWORD [RIP-0xa39f2]} .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb6d6155c0 8 bytes {JMP QWORD [RIP-0xa3f72]} .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb6d615800 8 bytes {JMP QWORD [RIP-0xa3fbe]} .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb6d615960 8 bytes {JMP QWORD [RIP-0xa4221]} .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb6d616730 8 bytes {JMP QWORD [RIP-0xa42f7]} .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb6d616d30 8 bytes {JMP QWORD [RIP-0xa4a0f]} .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb6d617ef0 8 bytes {JMP QWORD [RIP-0xa628f]} .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\system32\wow64cpu.dll!BTCpuProcessInit + 101 0000000067411405 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 572 000000006741164c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\system32\wow64cpu.dll!BTCpuGetBopCode + 883 0000000067411783 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 30 00000000674117ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\s.kopertowski\Desktop\virus\kxmg03lg.exe[4344] C:\Windows\system32\wow64cpu.dll!BTCpuResetToConsistentState + 87 00000000674117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [4344] entry point in ".rdata" section 000000006db30380 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.EXE[5084] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtAlpcConnectPortEx] [663a64f0] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\prremote.dll