GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-08-30 11:27:05 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 ST1000DM003-1CH162 rev.CC47 931,51GB Running: zbxp3q0q.exe; Driver: C:\Users\Aga\AppData\Local\Temp\uxriapow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Nero\Nero TuneItUp\ServiceProvider.exe[1860] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000755b8791 5 bytes [33, C0, C2, 04, 00] .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 5 bytes JMP 00000000000200a0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Windows\system32\sppsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\sppsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\sppsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\sppsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\sppsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\sppsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\sppsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Windows\system32\sppsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Windows\system32\sppsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\sppsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Windows\system32\sppsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\sppsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\sppsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Windows\system32\SearchIndexer.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\SearchIndexer.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\SearchIndexer.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\SearchIndexer.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\SearchIndexer.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\SearchIndexer.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\SearchIndexer.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Windows\system32\SearchIndexer.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Windows\system32\SearchIndexer.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\SearchIndexer.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Windows\system32\SearchIndexer.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\SearchIndexer.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\SearchIndexer.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Windows\system32\svchost.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\svchost.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\svchost.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\svchost.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\svchost.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\svchost.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\svchost.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Windows\system32\svchost.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Windows\system32\svchost.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\svchost.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Windows\system32\svchost.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\svchost.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\svchost.exe[2988] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 5 bytes JMP 00000000000200a0 .text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\AVG\Av\avgrsa.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\AVG\Av\avgrsa.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\AVG\Av\avgrsa.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\AVG\Av\avgrsa.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\AVG\Av\avgrsa.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\AVG\Av\avgrsa.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\AVG\Av\avgrsa.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\AVG\Av\avgrsa.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\AVG\Av\avgrsa.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\AVG\Av\avgrsa.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\AVG\Av\avgrsa.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\AVG\Av\avgrsa.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\AVG\Av\avgrsa.exe[4844] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files\BitComet\tools\BitCometService.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 00000000778efae8 5 bytes JMP 0000000073a230e0 .text C:\Program Files\BitComet\tools\BitCometService.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000778efc60 5 bytes JMP 0000000073a22360 .text C:\Program Files\BitComet\tools\BitCometService.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efe24 5 bytes JMP 0000000073a221f0 .text C:\Program Files\BitComet\tools\BitCometService.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efeb8 5 bytes JMP 0000000073a227a0 .text C:\Program Files\BitComet\tools\BitCometService.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000778eff84 5 bytes JMP 0000000073a22650 .text C:\Program Files\BitComet\tools\BitCometService.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0078 5 bytes JMP 0000000073a22520 .text C:\Program Files\BitComet\tools\BitCometService.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f07ac 5 bytes JMP 0000000073a228e0 .text C:\Program Files\BitComet\tools\BitCometService.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000778f0884 5 bytes JMP 0000000073a22b70 .text C:\Program Files\BitComet\tools\BitCometService.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778f092c 5 bytes JMP 0000000073a22e00 .text C:\Program Files\BitComet\tools\BitCometService.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000778f1088 5 bytes JMP 0000000073a22a30 .text C:\Program Files\BitComet\tools\BitCometService.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000778f1100 5 bytes JMP 0000000073a22cc0 .text C:\Program Files\BitComet\tools\BitCometService.exe[3364] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007790911f 5 bytes JMP 0000000073a22f80 .text C:\Program Files\BitComet\tools\BitCometService.exe[3364] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 000000007798ff31 5 bytes JMP 0000000073a22e90 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 00000000778efae8 5 bytes JMP 0000000073a230e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000778efc60 5 bytes JMP 0000000073a22360 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efe24 5 bytes JMP 0000000073a221f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efeb8 5 bytes JMP 0000000073a227a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000778eff84 5 bytes JMP 0000000073a22650 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0078 5 bytes JMP 0000000073a22520 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f07ac 5 bytes JMP 0000000073a228e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000778f0884 5 bytes JMP 0000000073a22b70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778f092c 5 bytes JMP 0000000073a22e00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000778f1088 5 bytes JMP 0000000073a22a30 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000778f1100 5 bytes JMP 0000000073a22cc0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007790911f 5 bytes JMP 0000000073a22f80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 000000007798ff31 5 bytes JMP 0000000073a22e90 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5344] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 00000000778efae8 5 bytes JMP 0000000073a230e0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5344] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000778efc60 5 bytes JMP 0000000073a22360 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5344] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efe24 5 bytes JMP 0000000073a221f0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5344] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efeb8 5 bytes JMP 0000000073a227a0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5344] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000778eff84 5 bytes JMP 0000000073a22650 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5344] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0078 5 bytes JMP 0000000073a22520 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5344] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f07ac 5 bytes JMP 0000000073a228e0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000778f0884 5 bytes JMP 0000000073a22b70 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5344] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778f092c 5 bytes JMP 0000000073a22e00 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5344] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000778f1088 5 bytes JMP 0000000073a22a30 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5344] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000778f1100 5 bytes JMP 0000000073a22cc0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5344] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007790911f 5 bytes JMP 0000000073a22f80 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5344] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 000000007798ff31 5 bytes JMP 0000000073a22e90 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 00000000778efae8 5 bytes JMP 0000000073a230e0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000778efc60 5 bytes JMP 0000000073a22360 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efe24 5 bytes JMP 0000000073a221f0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efeb8 5 bytes JMP 0000000073a227a0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000778eff84 5 bytes JMP 0000000073a22650 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0078 5 bytes JMP 0000000073a22520 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f07ac 5 bytes JMP 0000000073a228e0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000778f0884 5 bytes JMP 0000000073a22b70 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778f092c 5 bytes JMP 0000000073a22e00 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000778f1088 5 bytes JMP 0000000073a22a30 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000778f1100 5 bytes JMP 0000000073a22cc0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007790911f 5 bytes JMP 0000000073a22f80 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 000000007798ff31 5 bytes JMP 0000000073a22e90 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077391401 2 bytes JMP 755db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077391419 2 bytes JMP 755db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077391431 2 bytes JMP 756590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007739144a 2 bytes CALL 755b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773914dd 2 bytes JMP 756589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773914f5 2 bytes JMP 75658bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007739150d 2 bytes JMP 756588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077391525 2 bytes JMP 75658caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007739153d 2 bytes JMP 755cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077391555 2 bytes JMP 755d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007739156d 2 bytes JMP 756591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077391585 2 bytes JMP 75658d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007739159d 2 bytes JMP 756588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773915b5 2 bytes JMP 755cfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773915cd 2 bytes JMP 755db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773916b2 2 bytes JMP 7565906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773916bd 2 bytes JMP 75658839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5196] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 00000000778efae8 5 bytes JMP 0000000073a230e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5196] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000778efc60 5 bytes JMP 0000000073a22360 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5196] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efe24 5 bytes JMP 0000000073a221f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5196] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efeb8 5 bytes JMP 0000000073a227a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5196] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000778eff84 5 bytes JMP 0000000073a22650 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5196] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0078 5 bytes JMP 0000000073a22520 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5196] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f07ac 5 bytes JMP 0000000073a228e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5196] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000778f0884 5 bytes JMP 0000000073a22b70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5196] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778f092c 5 bytes JMP 0000000073a22e00 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5196] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000778f1088 5 bytes JMP 0000000073a22a30 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5196] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000778f1100 5 bytes JMP 0000000073a22cc0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5196] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007790911f 5 bytes JMP 0000000073a22f80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5196] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 000000007798ff31 5 bytes JMP 0000000073a22e90 .text C:\Windows\System32\svchost.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Windows\System32\svchost.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Windows\System32\svchost.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 5 bytes JMP 00000000000200a0 .text C:\Windows\System32\svchost.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Windows\System32\svchost.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Windows\System32\svchost.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Windows\System32\svchost.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Windows\System32\svchost.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Windows\System32\svchost.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Windows\System32\svchost.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Windows\System32\svchost.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Windows\System32\svchost.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Windows\System32\svchost.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 00000000778efae8 5 bytes JMP 0000000073a230e0 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000778efc60 5 bytes JMP 0000000073a22360 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efe24 5 bytes JMP 0000000073a221f0 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efeb8 5 bytes JMP 0000000073a227a0 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000778eff84 5 bytes JMP 0000000073a22650 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0078 5 bytes JMP 0000000073a22520 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f07ac 5 bytes JMP 0000000073a228e0 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000778f0884 5 bytes JMP 0000000073a22b70 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778f092c 5 bytes JMP 0000000073a22e00 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000778f1088 5 bytes JMP 0000000073a22a30 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000778f1100 5 bytes JMP 0000000073a22cc0 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3276] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007790911f 5 bytes JMP 0000000073a22f80 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3276] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 000000007798ff31 5 bytes JMP 0000000073a22e90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 00000000778efae8 5 bytes JMP 0000000073a230e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000778efc60 5 bytes JMP 0000000073a22360 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efe24 5 bytes JMP 0000000073a221f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efeb8 5 bytes JMP 0000000073a227a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000778eff84 5 bytes JMP 0000000073a22650 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0078 5 bytes JMP 0000000073a22520 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f07ac 5 bytes JMP 0000000073a228e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000778f0884 5 bytes JMP 0000000073a22b70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778f092c 5 bytes JMP 0000000073a22e00 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000778f1088 5 bytes JMP 0000000073a22a30 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000778f1100 5 bytes JMP 0000000073a22cc0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2524] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007790911f 5 bytes JMP 0000000073a22f80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2524] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 000000007798ff31 5 bytes JMP 0000000073a22e90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007773bc00 7 bytes [48, B8, 68, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007773bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007773bd70 7 bytes [48, B8, C0, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007773bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773bd90 7 bytes [48, B8, 3C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007773bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007773bda0 7 bytes [48, B8, 3C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007773bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007773bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007773bdd0 7 bytes [48, B8, 8C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007773bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007773be20 7 bytes [48, B8, E4, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007773be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007773be30 7 bytes [48, B8, 78, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007773be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007773be60 7 bytes [48, B8, CC, F2, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007773be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007773bf00 7 bytes [48, B8, 14, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007773bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007773c080 7 bytes [48, B8, 90, F1, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007773c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007773caf0 7 bytes [48, B8, 60, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007773caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773cb40 7 bytes [48, B8, 9C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007773cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007773cc90 7 bytes [48, B8, 28, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007773cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7060] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007773bc00 7 bytes [48, B8, 68, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007773bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007773bd70 7 bytes [48, B8, C0, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007773bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773bd90 7 bytes [48, B8, 3C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007773bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007773bda0 7 bytes [48, B8, 3C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007773bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007773bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007773bdd0 7 bytes [48, B8, 8C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007773bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007773be20 7 bytes [48, B8, E4, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007773be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007773be30 7 bytes [48, B8, 78, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007773be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007773be60 7 bytes [48, B8, CC, F2, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007773be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007773bf00 7 bytes [48, B8, 14, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007773bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007773c080 7 bytes [48, B8, 90, F1, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007773c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007773caf0 7 bytes [48, B8, 60, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007773caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773cb40 7 bytes [48, B8, 9C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007773cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007773cc90 7 bytes [48, B8, 28, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007773cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007773bc00 7 bytes [48, B8, 68, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007773bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007773bd70 7 bytes [48, B8, C0, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007773bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773bd90 7 bytes [48, B8, 3C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007773bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007773bda0 7 bytes [48, B8, 3C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007773bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007773bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007773bdd0 7 bytes [48, B8, 8C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007773bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007773be20 7 bytes [48, B8, E4, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007773be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007773be30 7 bytes [48, B8, 78, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007773be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007773be60 7 bytes [48, B8, CC, F2, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007773be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007773bf00 7 bytes [48, B8, 14, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007773bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007773c080 7 bytes [48, B8, 90, F1, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007773c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007773caf0 7 bytes [48, B8, 60, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007773caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773cb40 7 bytes [48, B8, 9C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007773cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007773cc90 7 bytes [48, B8, 28, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007773cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007773bc00 7 bytes [48, B8, 68, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007773bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007773bd70 7 bytes [48, B8, C0, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007773bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773bd90 7 bytes [48, B8, 3C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007773bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007773bda0 7 bytes [48, B8, 3C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007773bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007773bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007773bdd0 7 bytes [48, B8, 8C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007773bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007773be20 7 bytes [48, B8, E4, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007773be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007773be30 7 bytes [48, B8, 78, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007773be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007773be60 7 bytes [48, B8, CC, F2, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007773be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007773bf00 7 bytes [48, B8, 14, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007773bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007773c080 7 bytes [48, B8, 90, F1, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007773c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007773caf0 7 bytes [48, B8, 60, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007773caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773cb40 7 bytes [48, B8, 9C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007773cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007773cc90 7 bytes [48, B8, 28, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007773cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007773bc00 7 bytes [48, B8, 68, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007773bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007773bd70 7 bytes [48, B8, C0, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007773bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773bd90 7 bytes [48, B8, 3C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007773bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007773bda0 7 bytes [48, B8, 3C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007773bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007773bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007773bdd0 7 bytes [48, B8, 8C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007773bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007773be20 7 bytes [48, B8, E4, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007773be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007773be30 7 bytes [48, B8, 78, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007773be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007773be60 7 bytes [48, B8, CC, F2, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007773be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007773bf00 7 bytes [48, B8, 14, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007773bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007773c080 7 bytes [48, B8, 90, F1, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007773c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007773caf0 7 bytes [48, B8, 60, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007773caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773cb40 7 bytes [48, B8, 9C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007773cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007773cc90 7 bytes [48, B8, 28, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007773cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007773bc00 7 bytes [48, B8, 68, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007773bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007773bd70 7 bytes [48, B8, C0, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007773bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773bd90 7 bytes [48, B8, 3C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007773bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007773bda0 7 bytes [48, B8, 3C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007773bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007773bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007773bdd0 7 bytes [48, B8, 8C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007773bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007773be20 7 bytes [48, B8, E4, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007773be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007773be30 7 bytes [48, B8, 78, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007773be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007773be60 7 bytes [48, B8, CC, F2, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007773be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007773bf00 7 bytes [48, B8, 14, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007773bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007773c080 7 bytes [48, B8, 90, F1, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007773c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007773caf0 7 bytes [48, B8, 60, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007773caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773cb40 7 bytes [48, B8, 9C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007773cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007773cc90 7 bytes [48, B8, 28, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007773cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007773bc00 7 bytes [48, B8, 68, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007773bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007773bd70 7 bytes [48, B8, C0, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007773bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773bd90 7 bytes [48, B8, 3C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007773bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007773bda0 7 bytes [48, B8, 3C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007773bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007773bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007773bdd0 7 bytes [48, B8, 8C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007773bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007773be20 7 bytes [48, B8, E4, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007773be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007773be30 7 bytes [48, B8, 78, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007773be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007773be60 7 bytes [48, B8, CC, F2, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007773be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007773bf00 7 bytes [48, B8, 14, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007773bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007773c080 7 bytes [48, B8, 90, F1, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007773c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007773caf0 7 bytes [48, B8, 60, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007773caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773cb40 7 bytes [48, B8, 9C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007773cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007773cc90 7 bytes [48, B8, 28, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007773cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007773bc00 7 bytes [48, B8, 68, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007773bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007773bd70 7 bytes [48, B8, C0, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007773bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773bd90 7 bytes [48, B8, 3C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007773bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007773bda0 7 bytes [48, B8, 3C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007773bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007773bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007773bdd0 7 bytes [48, B8, 8C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007773bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007773be20 7 bytes [48, B8, E4, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007773be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007773be30 7 bytes [48, B8, 78, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007773be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007773be60 7 bytes [48, B8, CC, F2, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007773be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007773bf00 7 bytes [48, B8, 14, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007773bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007773c080 7 bytes [48, B8, 90, F1, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007773c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007773caf0 7 bytes [48, B8, 60, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007773caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773cb40 7 bytes [48, B8, 9C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007773cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007773cc90 7 bytes [48, B8, 28, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007773cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007773bc00 7 bytes [48, B8, 68, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007773bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007773bd70 7 bytes [48, B8, C0, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007773bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773bd90 7 bytes [48, B8, 3C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007773bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007773bda0 7 bytes [48, B8, 3C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007773bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007773bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007773bdd0 7 bytes [48, B8, 8C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007773bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007773be20 7 bytes [48, B8, E4, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007773be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007773be30 7 bytes [48, B8, 78, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007773be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007773be60 7 bytes [48, B8, CC, F2, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007773be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007773bf00 7 bytes [48, B8, 14, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007773bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007773c080 7 bytes [48, B8, 90, F1, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007773c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007773caf0 7 bytes [48, B8, 60, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007773caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773cb40 7 bytes [48, B8, 9C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007773cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007773cc90 7 bytes [48, B8, 28, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007773cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Windows\system32\taskhost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\taskhost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\taskhost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\taskhost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\taskhost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\taskhost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\taskhost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Windows\system32\taskhost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Windows\system32\taskhost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\taskhost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Windows\system32\taskhost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\taskhost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\taskhost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007773bc00 7 bytes [48, B8, 68, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007773bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007773bd70 7 bytes [48, B8, C0, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007773bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773bd90 7 bytes [48, B8, 3C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007773bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007773bda0 7 bytes [48, B8, 3C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007773bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007773bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007773bdd0 7 bytes [48, B8, 8C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007773bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007773be20 7 bytes [48, B8, E4, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007773be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007773be30 7 bytes [48, B8, 78, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007773be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007773be60 7 bytes [48, B8, CC, F2, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007773be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007773bf00 7 bytes [48, B8, 14, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007773bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007773c080 7 bytes [48, B8, 90, F1, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007773c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007773caf0 7 bytes [48, B8, 60, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007773caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773cb40 7 bytes [48, B8, 9C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007773cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007773cc90 7 bytes [48, B8, 28, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007773cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007773bc00 7 bytes [48, B8, 68, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007773bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007773bd70 7 bytes [48, B8, C0, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007773bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773bd90 7 bytes [48, B8, 3C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007773bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007773bda0 7 bytes [48, B8, 3C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007773bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007773bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007773bdd0 7 bytes [48, B8, 8C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007773bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007773be20 7 bytes [48, B8, E4, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007773be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007773be30 7 bytes [48, B8, 78, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007773be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007773be60 7 bytes [48, B8, CC, F2, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007773be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007773bf00 7 bytes [48, B8, 14, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007773bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007773c080 7 bytes [48, B8, 90, F1, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007773c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007773caf0 7 bytes [48, B8, 60, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007773caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773cb40 7 bytes [48, B8, 9C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007773cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007773cc90 7 bytes [48, B8, 28, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007773cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000777140c0 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007773bc00 7 bytes [48, B8, 68, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007773bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007773bcc0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007773bd70 7 bytes [48, B8, C0, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007773bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773bd90 7 bytes [48, B8, 3C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007773bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007773bda0 7 bytes [48, B8, 3C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007773bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007773bdb0 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007773bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007773bdd0 7 bytes [48, B8, 8C, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007773bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007773be20 7 bytes [48, B8, E4, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007773be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007773be30 7 bytes [48, B8, 78, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007773be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007773be60 7 bytes [48, B8, CC, F2, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007773be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773bed0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007773bf00 7 bytes [48, B8, 14, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007773bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773bf30 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773bfb0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007773c050 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007773c080 7 bytes [48, B8, 90, F1, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007773c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773c500 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773c590 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007773c600 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773cac0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007773caf0 7 bytes [48, B8, 60, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007773caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773cb10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773cb40 7 bytes [48, B8, 9C, F3, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007773cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007773cc90 7 bytes [48, B8, 28, F4, 4E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007773cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077792530 5 bytes JMP 0000000000020568 .text C:\Users\Aga\Desktop\zbxp3q0q.exe[8004] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 00000000778efae8 5 bytes JMP 0000000073a230e0 .text C:\Users\Aga\Desktop\zbxp3q0q.exe[8004] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000778efc60 5 bytes JMP 0000000073a22360 .text C:\Users\Aga\Desktop\zbxp3q0q.exe[8004] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efe24 5 bytes JMP 0000000073a221f0 .text C:\Users\Aga\Desktop\zbxp3q0q.exe[8004] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efeb8 5 bytes JMP 0000000073a227a0 .text C:\Users\Aga\Desktop\zbxp3q0q.exe[8004] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000778eff84 5 bytes JMP 0000000073a22650 .text C:\Users\Aga\Desktop\zbxp3q0q.exe[8004] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0078 5 bytes JMP 0000000073a22520 .text C:\Users\Aga\Desktop\zbxp3q0q.exe[8004] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f07ac 5 bytes JMP 0000000073a228e0 .text C:\Users\Aga\Desktop\zbxp3q0q.exe[8004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000778f0884 5 bytes JMP 0000000073a22b70 .text C:\Users\Aga\Desktop\zbxp3q0q.exe[8004] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778f092c 5 bytes JMP 0000000073a22e00 .text C:\Users\Aga\Desktop\zbxp3q0q.exe[8004] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000778f1088 5 bytes JMP 0000000073a22a30 .text C:\Users\Aga\Desktop\zbxp3q0q.exe[8004] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000778f1100 5 bytes JMP 0000000073a22cc0 .text C:\Users\Aga\Desktop\zbxp3q0q.exe[8004] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007790911f 5 bytes JMP 0000000073a22f80 .text C:\Users\Aga\Desktop\zbxp3q0q.exe[8004] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 000000007798ff31 5 bytes JMP 0000000073a22e90 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7336880] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7335fc4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7336868] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fed7336ca4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6168] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed7336860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7336880] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7335fc4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7336868] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fed7336ca4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed7336860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7336880] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7335fc4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7336868] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fed7336ca4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed7336860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7336880] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7335fc4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7336868] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fed7336ca4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5464] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed7336860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7336880] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7335fc4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7336868] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fed7336ca4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6264] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed7336860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7336880] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7335fc4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7336868] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fed7336ca4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7924] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed7336860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7336880] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7335fc4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7336868] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fed7336ca4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8100] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed7336860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7336880] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7335fc4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7336868] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fed7336ca4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7400] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed7336860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7336880] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7335fc4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7336868] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fed7336ca4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed7336860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7336880] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7335fc4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7336868] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fed7336ca4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed7336860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7336880] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7335fc4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7336868] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fed7336ca4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed7336860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll ---- Threads - GMER 2.2 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4020:4224] 000007fefbab2b1c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4020:4236] 000007feeaa88f70 Thread C:\Windows\System32\svchost.exe [5204:5316] 000007fef1db9688 ---- EOF - GMER 2.2 ----