GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-10-12 15:57:24 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0002BSM1 Running: 18krzd68.exe; Driver: C:\Users\Maciej\AppData\Local\Temp\pwldipow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x90222118] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x902221E8] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x90221D4A] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0x90221F38] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0x90221FCE] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x90221E00] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x90221E9C] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9022206A] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 1401 82C369C9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C564E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 161F 82C5D9DC 8 Bytes [18, 21, 22, 90, E8, 21, 22, ...] {SBB [ECX], AH; AND DL, [EAX-0x6fddde18]} .text ntoskrnl.exe!KeRemoveQueueEx + 1667 82C5DA24 4 Bytes [4A, 1D, 22, 90] .text ntoskrnl.exe!KeRemoveQueueEx + 1927 82C5DCE4 8 Bytes [38, 1F, 22, 90, CE, 1F, 22, ...] {CMP [EDI], BL; AND DL, [EAX-0x6fdde032]} .text ntoskrnl.exe!KeRemoveQueueEx + 1937 82C5DCF4 8 Bytes [00, 1E, 22, 90, 9C, 1E, 22, ...] {ADD [ESI], BL; AND DL, [EAX-0x6fdde164]} .text ntoskrnl.exe!KeRemoveQueueEx + 19AB 82C5DD68 4 Bytes [6A, 20, 22, 90] ---- User code sections - GMER 1.0.15 ---- .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, C0, 83, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, C3, 83, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, C0, 83, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, C1, 83, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, C2, 83, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, C1, 83, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, C2, 83, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, C0, 83, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, C1, 83, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, C2, 83, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, C3, 83, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, 50, 20, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, 53, 20, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, 50, 20, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, 51, 20, 00] {TEST AL, 0x51; AND [EAX], AL} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, 52, 20, 00] {TEST AL, 0x52; AND [EAX], AL} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, 51, 20, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, 52, 20, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, 50, 20, 00] {TEST AL, 0x50; AND [EAX], AL} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, 51, 20, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, 52, 20, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, 53, 20, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2244] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, 9C, 61, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, 9F, 61, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, 9C, 61, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, 9D, 61, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, 9E, 61, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, 9D, 61, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, 9E, 61, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, 9C, 61, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, 9D, 61, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, 9E, 61, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, 9F, 61, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2556] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, 20, CE, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, 23, CE, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, 20, CE, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, 21, CE, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, 22, CE, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, 21, CE, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, 22, CE, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, 20, CE, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, 21, CE, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, 22, CE, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, 23, CE, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, C8, EB, 00] {SUB AL, CL; JMP 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, CB, EB, 00] {SUB BL, CL; JMP 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, C8, EB, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, C9, EB, 00] {TEST AL, 0xc9; JMP 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, CA, EB, 00] {TEST AL, 0xca; JMP 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, C9, EB, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, CA, EB, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, C8, EB, 00] {TEST AL, 0xc8; JMP 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, C9, EB, 00] {SUB CL, CL; JMP 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, CA, EB, 00] {SUB DL, CL; JMP 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, CB, EB, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, E0, 78, 00] {SUB AL, AH; JS 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, E3, 78, 00] {SUB BL, AH; JS 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, E0, 78, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, E1, 78, 00] {TEST AL, 0xe1; JS 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, E2, 78, 00] {TEST AL, 0xe2; JS 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, E1, 78, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, E2, 78, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, E0, 78, 00] {TEST AL, 0xe0; JS 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, E1, 78, 00] {SUB CL, AH; JS 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, E2, 78, 00] {SUB DL, AH; JS 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, E3, 78, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, AC, AD, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, AF, AD, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, AC, AD, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, AD, AD, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, AE, AD, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, AD, AD, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, AE, AD, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, AC, AD, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, AD, AD, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, AE, AD, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, AF, AD, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, 24, 17, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, 27, 17, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, 24, 17, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, 25, 17, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, 26, 17, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, 25, 17, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, 26, 17, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, 24, 17, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, 25, 17, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, 26, 17, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, 27, 17, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, D0, 6E, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, D3, 6E, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, D0, 6E, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, D1, 6E, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, D2, 6E, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, D1, 6E, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, D2, 6E, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, D0, 6E, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, D1, 6E, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, D2, 6E, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, D3, 6E, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, AC, 9F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, AF, 9F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, AC, 9F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, AD, 9F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, AE, 9F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, AD, 9F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, AE, 9F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, AC, 9F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, AD, 9F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, AE, 9F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, AF, 9F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, 24, AC, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, 27, AC, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, 24, AC, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, 25, AC, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, 26, AC, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, 25, AC, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, 26, AC, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, 24, AC, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, 25, AC, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, 26, AC, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, 27, AC, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, 28, 70, 00] {SUB [EAX], CH; JO 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, 2B, 70, 00] {SUB [EBX], CH; JO 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, 28, 70, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, 29, 70, 00] {TEST AL, 0x29; JO 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, 2A, 70, 00] {TEST AL, 0x2a; JO 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, 29, 70, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, 2A, 70, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, 28, 70, 00] {TEST AL, 0x28; JO 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, 29, 70, 00] {SUB [ECX], CH; JO 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, 2A, 70, 00] {SUB [EDX], CH; JO 0x4} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, 2B, 70, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4336] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, B4, 66, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, B7, 66, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, B4, 66, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, B5, 66, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, B6, 66, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, B5, 66, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, B6, 66, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, B4, 66, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, B5, 66, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, B6, 66, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, B7, 66, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4368] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, 44, 5F, 00] {SUB [EDI+EBX*2+0x0], AL} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, 47, 5F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, 44, 5F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, 45, 5F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, 46, 5F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, 45, 5F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, 46, 5F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, 44, 5F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, 45, 5F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, 46, 5F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, 47, 5F, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtCreateFile + 6 774555CE 4 Bytes [28, 90, 18, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtCreateFile + B 774555D3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtMapViewOfSection + 6 77455C2E 4 Bytes [28, 93, 18, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtMapViewOfSection + B 77455C33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtOpenFile + 6 77455CDE 4 Bytes [68, 90, 18, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtOpenFile + B 77455CE3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtOpenProcess + 6 77455D8E 4 Bytes [A8, 91, 18, 00] {TEST AL, 0x91; SBB [EAX], AL} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtOpenProcess + B 77455D93 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtOpenProcessToken + B 77455DA3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtOpenProcessTokenEx + 6 77455DAE 4 Bytes [A8, 92, 18, 00] {TEST AL, 0x92; SBB [EAX], AL} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtOpenProcessTokenEx + B 77455DB3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtOpenThread + 6 77455E0E 4 Bytes [68, 91, 18, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtOpenThread + B 77455E13 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtOpenThreadToken + 6 77455E1E 4 Bytes [68, 92, 18, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtOpenThreadToken + B 77455E23 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtOpenThreadTokenEx + B 77455E33 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtQueryAttributesFile + 6 77455F3E 4 Bytes [A8, 90, 18, 00] {TEST AL, 0x90; SBB [EAX], AL} .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtQueryAttributesFile + B 77455F43 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtQueryFullAttributesFile + B 77455FF3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtSetInformationFile + 6 7745663E 4 Bytes [28, 91, 18, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtSetInformationFile + B 77456643 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtSetInformationThread + 6 7745669E 4 Bytes [28, 92, 18, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtSetInformationThread + B 774566A3 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtUnmapViewOfSection + 6 774569BE 4 Bytes [68, 93, 18, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtUnmapViewOfSection + B 774569C3 1 Byte [E2] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) ---- EOF - GMER 1.0.15 ----