GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-12-01 16:39:49 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 WDC_WD10 rev.80.0 931,51GB Running: rvbindh7.exe; Driver: C:\Users\Pyti\AppData\Local\Temp\pgddqpoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Genesis\RX66 keyboard\Monitor.EXE[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772e1465 2 bytes [2E, 77] .text C:\Genesis\RX66 keyboard\Monitor.EXE[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772e14bb 2 bytes [2E, 77] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776d1590 14 bytes {MOV RAX, 0x7fef0c48d50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776d13e0 7 bytes [48, B8, 74, 0B, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000776d13e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000776d1550 7 bytes {ADD [RAX-0x48], CL; CALL 0x13fd713} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000776d1558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1570 7 bytes [48, B8, 94, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000776d1578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000776d1580 7 bytes [48, B8, 98, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000776d1588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776d1590 7 bytes [48, B8, 58, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000776d1598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000776d15b0 7 bytes [48, B8, C4, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000776d15b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000776d1600 7 bytes [48, B8, 58, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000776d1608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000776d1610 7 bytes [48, B8, D0, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000776d1618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776d1640 7 bytes [48, B8, 3C, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776d1648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776d16e0 7 bytes [48, B8, 70, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776d16e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776d1860 7 bytes [48, B8, C8, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776d1868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000776d22d0 7 bytes [48, B8, B8, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000776d22d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d2320 7 bytes [48, B8, 70, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000776d2328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776d2470 7 bytes [48, B8, 84, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776d2478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776d13e0 7 bytes [48, B8, 74, 0B, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000776d13e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000776d1550 7 bytes {ADD [RAX-0x48], CL; CALL 0x13fd713} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000776d1558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1570 7 bytes [48, B8, 94, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000776d1578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000776d1580 7 bytes [48, B8, 98, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000776d1588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776d1590 7 bytes [48, B8, 58, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000776d1598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000776d15b0 7 bytes [48, B8, C4, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000776d15b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000776d1600 7 bytes [48, B8, 58, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000776d1608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000776d1610 7 bytes [48, B8, D0, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000776d1618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776d1640 7 bytes [48, B8, 3C, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776d1648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776d16e0 7 bytes [48, B8, 70, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776d16e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776d1860 7 bytes [48, B8, C8, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776d1868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000776d22d0 7 bytes [48, B8, B8, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000776d22d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d2320 7 bytes [48, B8, 70, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000776d2328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776d2470 7 bytes [48, B8, 84, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776d2478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776d13e0 7 bytes [48, B8, 74, 0B, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000776d13e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000776d1550 7 bytes {ADD [RAX-0x48], CL; CALL 0x13fd713} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000776d1558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1570 7 bytes [48, B8, 94, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000776d1578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000776d1580 7 bytes [48, B8, 98, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000776d1588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776d1590 7 bytes [48, B8, 58, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000776d1598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000776d15b0 7 bytes [48, B8, C4, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000776d15b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000776d1600 7 bytes [48, B8, 58, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000776d1608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000776d1610 7 bytes [48, B8, D0, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000776d1618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776d1640 7 bytes [48, B8, 3C, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776d1648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776d16e0 7 bytes [48, B8, 70, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776d16e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776d1860 7 bytes [48, B8, C8, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776d1868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000776d22d0 7 bytes [48, B8, B8, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000776d22d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d2320 7 bytes [48, B8, 70, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000776d2328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776d2470 7 bytes [48, B8, 84, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776d2478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776d13e0 7 bytes [48, B8, 74, 0B, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000776d13e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000776d1550 7 bytes {ADD [RAX-0x48], CL; CALL 0x13fd713} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000776d1558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1570 7 bytes [48, B8, 94, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000776d1578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000776d1580 7 bytes [48, B8, 98, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000776d1588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776d1590 7 bytes [48, B8, 58, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000776d1598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000776d15b0 7 bytes [48, B8, C4, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000776d15b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000776d1600 7 bytes [48, B8, 58, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000776d1608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000776d1610 7 bytes [48, B8, D0, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000776d1618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776d1640 7 bytes [48, B8, 3C, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776d1648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776d16e0 7 bytes [48, B8, 70, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776d16e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776d1860 7 bytes [48, B8, C8, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776d1868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000776d22d0 7 bytes [48, B8, B8, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000776d22d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d2320 7 bytes [48, B8, 70, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000776d2328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776d2470 7 bytes [48, B8, 84, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776d2478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776d13e0 7 bytes [48, B8, 74, 0B, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000776d13e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000776d1550 7 bytes {ADD [RAX-0x48], CL; CALL 0x13fd713} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000776d1558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1570 7 bytes [48, B8, 94, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000776d1578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000776d1580 7 bytes [48, B8, 98, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000776d1588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776d1590 7 bytes [48, B8, 58, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000776d1598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000776d15b0 7 bytes [48, B8, C4, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000776d15b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000776d1600 7 bytes [48, B8, 58, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000776d1608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000776d1610 7 bytes [48, B8, D0, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000776d1618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776d1640 7 bytes [48, B8, 3C, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776d1648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776d16e0 7 bytes [48, B8, 70, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776d16e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776d1860 7 bytes [48, B8, C8, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776d1868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000776d22d0 7 bytes [48, B8, B8, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000776d22d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d2320 7 bytes [48, B8, 70, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000776d2328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776d2470 7 bytes [48, B8, 84, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776d2478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776d13e0 7 bytes [48, B8, 74, 0B, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000776d13e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000776d1550 7 bytes {ADD [RAX-0x48], CL; CALL 0x13fd713} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000776d1558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1570 7 bytes [48, B8, 94, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000776d1578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000776d1580 7 bytes [48, B8, 98, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000776d1588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776d1590 7 bytes [48, B8, 58, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000776d1598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000776d15b0 7 bytes [48, B8, C4, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000776d15b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000776d1600 7 bytes [48, B8, 58, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000776d1608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000776d1610 7 bytes [48, B8, D0, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000776d1618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776d1640 7 bytes [48, B8, 3C, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776d1648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776d16e0 7 bytes [48, B8, 70, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776d16e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776d1860 7 bytes [48, B8, C8, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776d1868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000776d22d0 7 bytes [48, B8, B8, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000776d22d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d2320 7 bytes [48, B8, 70, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000776d2328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776d2470 7 bytes [48, B8, 84, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776d2478 6 bytes {ADD [RAX], AL; JMP RAX} .text D:\Pokerstars\PokerStars.exe[3400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000772e1465 2 bytes [2E, 77] .text D:\Pokerstars\PokerStars.exe[3400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000772e14bb 2 bytes [2E, 77] .text ... * 2 .text D:\Holdem Manager 2\HudFuncsApp.exe[5088] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 000000007684495d 6 bytes JMP 5f080f5a .text D:\Holdem Manager 2\HudFuncsApp.exe[5088] C:\Windows\syswow64\USER32.dll!GetClientRect 0000000076d50c62 6 bytes JMP 5f120f5a .text D:\Holdem Manager 2\HudFuncsApp.exe[5088] C:\Windows\syswow64\USER32.dll!DrawTextW 0000000076d525cf 6 bytes JMP 5f180f5a .text D:\Holdem Manager 2\HudFuncsApp.exe[5088] C:\Windows\syswow64\USER32.dll!GetScrollInfo 0000000076d54018 6 bytes JMP 5f0f0f5a .text D:\Holdem Manager 2\HudFuncsApp.exe[5088] C:\Windows\syswow64\GDI32.dll!CreateCompatibleDC 00000000773654f4 6 bytes JMP 5f1b0f5a .text D:\Holdem Manager 2\HudFuncsApp.exe[5088] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773658b3 6 bytes JMP 5f1e0f5a .text D:\Holdem Manager 2\HudFuncsApp.exe[5088] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000077368b7a 6 bytes JMP 5f150f5a .text D:\Holdem Manager 2\HudFuncsApp.exe[5088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772e1465 2 bytes [2E, 77] .text D:\Holdem Manager 2\HudFuncsApp.exe[5088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772e14bb 2 bytes [2E, 77] .text ... * 2 .text D:\Holdem Manager 2\ThirtyTwoBitIPC.exe[3388] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007787000c 1 byte [C3] .text D:\Holdem Manager 2\ThirtyTwoBitIPC.exe[3388] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000778ff7ea 5 bytes JMP 00000000778b8e79 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776d13e0 7 bytes [48, B8, 74, 0B, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000776d13e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000776d1550 7 bytes {ADD [RAX-0x48], CL; CALL 0x13fd713} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000776d1558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1570 7 bytes [48, B8, 94, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000776d1578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000776d1580 7 bytes [48, B8, 98, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000776d1588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776d1590 7 bytes [48, B8, 58, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000776d1598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000776d15b0 7 bytes [48, B8, C4, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000776d15b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000776d1600 7 bytes [48, B8, 58, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000776d1608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000776d1610 7 bytes [48, B8, D0, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000776d1618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776d1640 7 bytes [48, B8, 3C, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776d1648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776d16e0 7 bytes [48, B8, 70, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776d16e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776d1860 7 bytes [48, B8, C8, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776d1868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000776d22d0 7 bytes [48, B8, B8, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000776d22d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d2320 7 bytes [48, B8, 70, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000776d2328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776d2470 7 bytes [48, B8, 84, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776d2478 6 bytes {ADD [RAX], AL; JMP RAX} ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feeb1f7598] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feeb1f7cf8] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feeb1f7f4c] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feeb1f7d10] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7feea3b2164] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feeb1f7598] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feeb1f7cf8] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feeb1f7f4c] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feeb1f7d10] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3984] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7feea3b2164] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feeb1f7598] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feeb1f7cf8] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feeb1f7f4c] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feeb1f7d10] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7feea3b2164] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feeb1f7598] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feeb1f7cf8] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feeb1f7f4c] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feeb1f7d10] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4172] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7feea3b2164] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feeb1f7598] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feeb1f7cf8] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feeb1f7f4c] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feeb1f7d10] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1264] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7feea3b2164] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feeb1f7598] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feeb1f7cf8] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feeb1f7f4c] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feeb1f7d10] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7feea3b2164] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5744] @ C:\Users\Pyti\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW] [7783002c] ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [1540:3408] 000007fee8239688 ---- Files - GMER 2.2 ---- File C:\Windows\winsxs\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_1457169844ae9574\msinfo32.exe (size mismatch) 330752/303104 bytes executable ---- EOF - GMER 2.2 ----