GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-09-20 17:41:05 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 GOODRAM rev.SAFM22.3 223,57GB Running: s74fm3d3.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kwnyrpod.sys ---- Kernel code sections - GMER 2.2 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007735bdb0 14 bytes {MOV RAX, 0x7feeec32f54; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007735bc00 7 bytes [48, B8, B4, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007735bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007735bd70 7 bytes [48, B8, 28, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007735bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735bd90 7 bytes [48, B8, D4, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007735bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007735bda0 7 bytes [48, B8, D8, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007735bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007735bdb0 7 bytes [48, B8, 98, C3, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007735bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007735bdd0 7 bytes [48, B8, 04, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007735bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007735be20 7 bytes [48, B8, 98, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007735be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007735be30 7 bytes [48, B8, 10, C9, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007735be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007735be60 7 bytes [48, B8, 7C, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007735be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007735bf00 7 bytes [48, B8, B0, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007735bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007735c080 7 bytes [48, B8, 08, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007735c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007735caf0 7 bytes [48, B8, F8, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007735caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735cb40 7 bytes [48, B8, B0, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007735cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007735cc90 7 bytes [48, B8, C4, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007735cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007735bc00 7 bytes [48, B8, B4, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007735bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007735bd70 7 bytes [48, B8, 28, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007735bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735bd90 7 bytes [48, B8, D4, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007735bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007735bda0 7 bytes [48, B8, D8, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007735bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007735bdb0 7 bytes [48, B8, 98, C3, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007735bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007735bdd0 7 bytes [48, B8, 04, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007735bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007735be20 7 bytes [48, B8, 98, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007735be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007735be30 7 bytes [48, B8, 10, C9, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007735be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007735be60 7 bytes [48, B8, 7C, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007735be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007735bf00 7 bytes [48, B8, B0, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007735bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007735c080 7 bytes [48, B8, 08, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007735c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007735caf0 7 bytes [48, B8, F8, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007735caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735cb40 7 bytes [48, B8, B0, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007735cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007735cc90 7 bytes [48, B8, C4, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007735cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007735bc00 7 bytes [48, B8, B4, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007735bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007735bd70 7 bytes [48, B8, 28, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007735bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735bd90 7 bytes [48, B8, D4, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007735bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007735bda0 7 bytes [48, B8, D8, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007735bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007735bdb0 7 bytes [48, B8, 98, C3, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007735bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007735bdd0 7 bytes [48, B8, 04, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007735bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007735be20 7 bytes [48, B8, 98, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007735be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007735be30 7 bytes [48, B8, 10, C9, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007735be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007735be60 7 bytes [48, B8, 7C, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007735be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007735bf00 7 bytes [48, B8, B0, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007735bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007735c080 7 bytes [48, B8, 08, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007735c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007735caf0 7 bytes [48, B8, F8, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007735caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735cb40 7 bytes [48, B8, B0, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007735cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007735cc90 7 bytes [48, B8, C4, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007735cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007735bc00 7 bytes [48, B8, B4, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007735bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007735bd70 7 bytes [48, B8, 28, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007735bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735bd90 7 bytes [48, B8, D4, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007735bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007735bda0 7 bytes [48, B8, D8, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007735bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007735bdb0 7 bytes [48, B8, 98, C3, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007735bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007735bdd0 7 bytes [48, B8, 04, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007735bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007735be20 7 bytes [48, B8, 98, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007735be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007735be30 7 bytes [48, B8, 10, C9, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007735be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007735be60 7 bytes [48, B8, 7C, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007735be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007735bf00 7 bytes [48, B8, B0, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007735bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007735c080 7 bytes [48, B8, 08, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007735c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007735caf0 7 bytes [48, B8, F8, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007735caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735cb40 7 bytes [48, B8, B0, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007735cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007735cc90 7 bytes [48, B8, C4, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007735cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007735bc00 7 bytes [48, B8, B4, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007735bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007735bd70 7 bytes [48, B8, 28, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007735bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735bd90 7 bytes [48, B8, D4, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007735bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007735bda0 7 bytes [48, B8, D8, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007735bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007735bdb0 7 bytes [48, B8, 98, C3, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007735bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007735bdd0 7 bytes [48, B8, 04, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007735bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007735be20 7 bytes [48, B8, 98, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007735be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007735be30 7 bytes [48, B8, 10, C9, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007735be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007735be60 7 bytes [48, B8, 7C, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007735be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007735bf00 7 bytes [48, B8, B0, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007735bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007735c080 7 bytes [48, B8, 08, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007735c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007735caf0 7 bytes [48, B8, F8, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007735caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735cb40 7 bytes [48, B8, B0, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007735cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007735cc90 7 bytes [48, B8, C4, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007735cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007735bc00 7 bytes [48, B8, B4, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007735bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007735bd70 7 bytes [48, B8, 28, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007735bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735bd90 7 bytes [48, B8, D4, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007735bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007735bda0 7 bytes [48, B8, D8, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007735bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007735bdb0 7 bytes [48, B8, 98, C3, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007735bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007735bdd0 7 bytes [48, B8, 04, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007735bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007735be20 7 bytes [48, B8, 98, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007735be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007735be30 7 bytes [48, B8, 10, C9, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007735be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007735be60 7 bytes [48, B8, 7C, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007735be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007735bf00 7 bytes [48, B8, B0, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007735bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007735c080 7 bytes [48, B8, 08, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007735c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007735caf0 7 bytes [48, B8, F8, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007735caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735cb40 7 bytes [48, B8, B0, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007735cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007735cc90 7 bytes [48, B8, C4, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007735cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007735bc00 7 bytes [48, B8, B4, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007735bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007735bd70 7 bytes [48, B8, 28, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007735bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735bd90 7 bytes [48, B8, D4, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007735bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007735bda0 7 bytes [48, B8, D8, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007735bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007735bdb0 7 bytes [48, B8, 98, C3, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007735bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007735bdd0 7 bytes [48, B8, 04, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007735bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007735be20 7 bytes [48, B8, 98, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007735be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007735be30 7 bytes [48, B8, 10, C9, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007735be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007735be60 7 bytes [48, B8, 7C, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007735be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007735bf00 7 bytes [48, B8, B0, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007735bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007735c080 7 bytes [48, B8, 08, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007735c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007735caf0 7 bytes [48, B8, F8, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007735caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735cb40 7 bytes [48, B8, B0, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007735cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007735cc90 7 bytes [48, B8, C4, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007735cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007735bc00 7 bytes [48, B8, B4, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007735bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007735bd70 7 bytes [48, B8, 28, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007735bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735bd90 7 bytes [48, B8, D4, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007735bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007735bda0 7 bytes [48, B8, D8, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007735bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007735bdb0 7 bytes [48, B8, 98, C3, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007735bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007735bdd0 7 bytes [48, B8, 04, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007735bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007735be20 7 bytes [48, B8, 98, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007735be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007735be30 7 bytes [48, B8, 10, C9, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007735be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007735be60 7 bytes [48, B8, 7C, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007735be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007735bf00 7 bytes [48, B8, B0, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007735bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007735c080 7 bytes [48, B8, 08, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007735c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007735caf0 7 bytes [48, B8, F8, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007735caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735cb40 7 bytes [48, B8, B0, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007735cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007735cc90 7 bytes [48, B8, C4, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007735cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007735bc00 7 bytes [48, B8, B4, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007735bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007735bd70 7 bytes [48, B8, 28, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007735bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735bd90 7 bytes [48, B8, D4, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007735bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007735bda0 7 bytes [48, B8, D8, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007735bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007735bdb0 7 bytes [48, B8, 98, C3, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007735bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007735bdd0 7 bytes [48, B8, 04, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007735bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007735be20 7 bytes [48, B8, 98, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007735be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007735be30 7 bytes [48, B8, 10, C9, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007735be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007735be60 7 bytes [48, B8, 7C, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007735be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007735bf00 7 bytes [48, B8, B0, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007735bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007735c080 7 bytes [48, B8, 08, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007735c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007735caf0 7 bytes [48, B8, F8, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007735caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735cb40 7 bytes [48, B8, B0, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007735cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007735cc90 7 bytes [48, B8, C4, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007735cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007735bc00 7 bytes [48, B8, B4, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007735bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007735bd70 7 bytes [48, B8, 28, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007735bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007735bd90 7 bytes [48, B8, D4, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007735bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007735bda0 7 bytes [48, B8, D8, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007735bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007735bdb0 7 bytes [48, B8, 98, C3, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007735bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007735bdd0 7 bytes [48, B8, 04, C4, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007735bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007735be20 7 bytes [48, B8, 98, C5, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007735be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007735be30 7 bytes [48, B8, 10, C9, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007735be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007735be60 7 bytes [48, B8, 7C, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007735be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007735bf00 7 bytes [48, B8, B0, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007735bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007735c080 7 bytes [48, B8, 08, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007735c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007735caf0 7 bytes [48, B8, F8, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007735caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007735cb40 7 bytes [48, B8, B0, C8, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007735cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007735cc90 7 bytes [48, B8, C4, C6, 60, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007735cc98 6 bytes {ADD [RAX], AL; JMP RAX} ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8e916e8] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8e90f48] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8e916d0] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8e91924] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3344] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee7658ce4] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8e916e8] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8e90f48] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8e916d0] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8e91924] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4100] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee7658ce4] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8e916e8] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8e90f48] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8e916d0] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8e91924] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4208] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee7658ce4] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8e916e8] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8e90f48] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8e916d0] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8e91924] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4292] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee7658ce4] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8e916e8] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8e90f48] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8e916d0] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8e91924] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee7658ce4] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8e916e8] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8e90f48] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8e916d0] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8e91924] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee7658ce4] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8e916e8] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8e90f48] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8e916d0] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8e91924] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee7658ce4] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8e916e8] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8e90f48] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8e916d0] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8e91924] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1856] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee7658ce4] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8e916e8] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8e90f48] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8e916d0] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8e91924] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4772] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee7658ce4] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll ---- Kernel code sections - GMER 2.2 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- EOF - GMER 2.2 ----