GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-07-17 22:43:35 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006e ST950032 rev.0003 465,76GB Running: gmer.exe; Driver: C:\Users\Ania\AppData\Local\Temp\kftcqaog.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[828] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000076d49010 4 bytes [C3, 00, 00, 00] .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074f11401 2 bytes JMP 762bb263 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074f11419 2 bytes JMP 762bb38e C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074f11431 2 bytes JMP 763390f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074f1144a 2 bytes CALL 762948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074f114dd 2 bytes JMP 763389ea C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074f114f5 2 bytes JMP 76338bc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074f1150d 2 bytes JMP 763388e0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074f11525 2 bytes JMP 76338caa C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074f1153d 2 bytes JMP 762afce8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074f11555 2 bytes JMP 762b6937 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074f1156d 2 bytes JMP 763391a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074f11585 2 bytes JMP 76338d0a C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074f1159d 2 bytes JMP 763388a4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074f115b5 2 bytes JMP 762afd81 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074f115cd 2 bytes JMP 762bb324 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074f116b2 2 bytes JMP 7633906c C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074f116bd 2 bytes JMP 76338839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074f11401 2 bytes JMP 762bb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074f11419 2 bytes JMP 762bb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074f11431 2 bytes JMP 763390f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074f1144a 2 bytes CALL 762948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074f114dd 2 bytes JMP 763389ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074f114f5 2 bytes JMP 76338bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074f1150d 2 bytes JMP 763388e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074f11525 2 bytes JMP 76338caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074f1153d 2 bytes JMP 762afce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074f11555 2 bytes JMP 762b6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074f1156d 2 bytes JMP 763391a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074f11585 2 bytes JMP 76338d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074f1159d 2 bytes JMP 763388a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074f115b5 2 bytes JMP 762afd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074f115cd 2 bytes JMP 762bb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074f116b2 2 bytes JMP 7633906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074f116bd 2 bytes JMP 76338839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074f11401 2 bytes JMP 762bb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074f11419 2 bytes JMP 762bb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074f11431 2 bytes JMP 763390f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074f1144a 2 bytes CALL 762948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074f114dd 2 bytes JMP 763389ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074f114f5 2 bytes JMP 76338bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074f1150d 2 bytes JMP 763388e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074f11525 2 bytes JMP 76338caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074f1153d 2 bytes JMP 762afce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074f11555 2 bytes JMP 762b6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074f1156d 2 bytes JMP 763391a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074f11585 2 bytes JMP 76338d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074f1159d 2 bytes JMP 763388a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074f115b5 2 bytes JMP 762afd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074f115cd 2 bytes JMP 762bb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074f116b2 2 bytes JMP 7633906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074f116bd 2 bytes JMP 76338839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074f11401 2 bytes JMP 762bb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074f11419 2 bytes JMP 762bb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074f11431 2 bytes JMP 763390f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074f1144a 2 bytes CALL 762948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074f114dd 2 bytes JMP 763389ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074f114f5 2 bytes JMP 76338bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074f1150d 2 bytes JMP 763388e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074f11525 2 bytes JMP 76338caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074f1153d 2 bytes JMP 762afce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074f11555 2 bytes JMP 762b6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074f1156d 2 bytes JMP 763391a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074f11585 2 bytes JMP 76338d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074f1159d 2 bytes JMP 763388a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074f115b5 2 bytes JMP 762afd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074f115cd 2 bytes JMP 762bb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074f116b2 2 bytes JMP 7633906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074f116bd 2 bytes JMP 76338839 C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [2972] entry point in ".rdata" section 0000000072ee71e6 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074f11401 2 bytes JMP 762bb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074f11419 2 bytes JMP 762bb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074f11431 2 bytes JMP 763390f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074f1144a 2 bytes CALL 762948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074f114dd 2 bytes JMP 763389ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074f114f5 2 bytes JMP 76338bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074f1150d 2 bytes JMP 763388e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074f11525 2 bytes JMP 76338caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074f1153d 2 bytes JMP 762afce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074f11555 2 bytes JMP 762b6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074f1156d 2 bytes JMP 763391a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074f11585 2 bytes JMP 76338d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074f1159d 2 bytes JMP 763388a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074f115b5 2 bytes JMP 762afd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074f115cd 2 bytes JMP 762bb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074f116b2 2 bytes JMP 7633906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074f116bd 2 bytes JMP 76338839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 14 bytes {MOV RAX, 0x7fefa1f30f0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074f11401 2 bytes JMP 762bb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074f11419 2 bytes JMP 762bb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074f11431 2 bytes JMP 763390f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074f1144a 2 bytes CALL 762948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074f114dd 2 bytes JMP 763389ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074f114f5 2 bytes JMP 76338bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074f1150d 2 bytes JMP 763388e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074f11525 2 bytes JMP 76338caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074f1153d 2 bytes JMP 762afce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074f11555 2 bytes JMP 762b6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074f1156d 2 bytes JMP 763391a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074f11585 2 bytes JMP 76338d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074f1159d 2 bytes JMP 763388a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074f115b5 2 bytes JMP 762afd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074f115cd 2 bytes JMP 762bb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074f116b2 2 bytes JMP 7633906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074f116bd 2 bytes JMP 76338839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f9bc00 7 bytes [48, B8, F0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f9bd70 7 bytes [48, B8, 48, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f9bd90 7 bytes [48, B8, C4, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f9bda0 7 bytes [48, B8, C4, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bdb0 7 bytes [48, B8, D0, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f9bdd0 7 bytes [48, B8, 14, C0, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f9be20 7 bytes [48, B8, 6C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f9be30 7 bytes [48, B8, 00, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f9be60 7 bytes [48, B8, 54, BE, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f9bf00 7 bytes [48, B8, 9C, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f9c080 7 bytes [48, B8, 18, BD, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f9caf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f32c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f9cb40 7 bytes [48, B8, 24, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f9cc90 7 bytes [48, B8, B0, BF, 32, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f9cc98 6 bytes {ADD [RAX], AL; JMP RAX} ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feddd5aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddd5a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddd5aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feddd5b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3376] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feddd5aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feddd5aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddd5a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddd5aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feddd5b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feddd5aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4848] @ C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\PepperFlash\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW] [b6d3002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5156] @ C:\Users\Ania\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW] [b6d3002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feddd5aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddd5a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddd5aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feddd5b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feddd5aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feddd5aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddd5a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddd5aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feddd5b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2336] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feddd5aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feddd5aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddd5a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddd5aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feddd5b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feddd5aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feddd5aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddd5a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddd5aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feddd5b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2456] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feddd5aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feddd5aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddd5a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddd5aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feddd5b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6248] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feddd5aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feddd5aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddd5a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddd5aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feddd5b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feddd5aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feddd5aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddd5a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddd5aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feddd5b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6268] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feddd5aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feddd5aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddd5a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddd5aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feddd5b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[136] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feddd5aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feddd5aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddd5a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddd5aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feddd5b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5988] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feddd5aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feddd5aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddd5a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddd5aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feddd5b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4736] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feddd5aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feddd5aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddd5a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddd5aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feddd5b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feddd5aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feddd5aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddd5a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddd5aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feddd5b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feddd5aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5260:4184] 0000000075067587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5260:4132] 00000000692b9946 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5260:4956] 0000000077181697 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5260:4732] 0000000077187ad8 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5260:4536] 0000000077187ad8 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5260:4144] 0000000077187ad8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68526b69 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68526b69 (not active ControlSet) ---- EOF - GMER 2.2 ----