Topic: ===> False Positives <===

Tigzy (Administrator; Owner, Adlice Software)
« Reply #15 on: November 06, 2014, 09:04:41 am »
Thanks, added.

nitrousable
« Reply #16 on: November 06, 2014, 01:55:30 pm »
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_CREATE[0] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_CLOSE[2] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_POWER[22] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_PNP[27] : Unknown @ 0x40a0c2c0
[IAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\Windows\SYSTEM32\clbcatq.dll @ 0x7fff606c24b0
[IAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\Windows\SYSTEM32\clbcatq.dll @ 0x7fff606c23c0
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSRegisterSessionNotification : C:\Windows\SYSTEM32\WTSAPI32.dll @ 0x7fff5eeb1be0
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSQuerySessionInformationW : C:\Windows\SYSTEM32\WTSAPI32.dll @ 0x7fff5eeb16a0
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSRegisterSessionNotification : C:\Windows\SYSTEM32\WTSAPI32.dll @ 0x7fff5eeb1be0
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSFreeMemory : C:\Windows\SYSTEM32\WTSAPI32.dll @ 0x7fff5eeb1330
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-winsta-l1-1-0.dll - WinStationQueryInformationW : C:\Windows\SYSTEM32\WINSTA.dll @ 0x7fff5f6c1160
[IAT:Addr] (explorer.exe @ Windows.Globalization.dll) ext-ms-win-globalization-input-l1-1-0.dll - WGIGetCurrentInputLanguage : C:\Windows\SYSTEM32\globinputhost.dll @ 0x7fff567d62f4

Tigzy (Administrator)
« Reply #17 on: November 07, 2014, 10:30:25 am »
Thanks, added.
Our monitoring system is starting to give very good results on top detections.
That'll make it easier to remove a lot of FPs.


Crazykid (Guest)
« Reply #18 on: November 27, 2014, 06:33:47 pm »
I hope these are just false positives xD


Antirootkit : 31 (Driver: Loaded)
[IAT:Addr] (explorer.exe @ VERSION.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - GetPackagesByPackageFamily : C:\Windows\System32\windows.immersiveshell.serviceprovider.dll @ 0x7ffbda2dd140
[IAT:Addr] (explorer.exe @ cryptnet.dll) OLEAUT32.dll - BSTR_UserMarshal64 : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed410
[IAT:Addr] (explorer.exe @ cryptnet.dll) OLEAUT32.dll - BSTR_UserUnmarshal64 : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed3e0
[IAT:Addr] (explorer.exe @ cryptnet.dll) OLEAUT32.dll - BSTR_UserFree64 : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed340
[IAT:Addr] (explorer.exe @ cryptnet.dll) OLEAUT32.dll - BSTR_UserSize64 : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed310
[IAT:Addr] (explorer.exe @ cryptnet.dll) SHELL32.dll - ShellExecuteW : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed540
[IAT:Addr] (explorer.exe @ cryptnet.dll) SHELL32.dll - ShellExecuteExW : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed5e0
[IAT:Addr] (explorer.exe @ cryptnet.dll) WINHTTP.dll - WinHttpTimeToSystemTime : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed690
[IAT:Addr] (explorer.exe @ cryptnet.dll) WINTRUST.dll - WinVerifyTrust : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed730
[IAT:Addr] (explorer.exe @ cryptnet.dll) DUI70.dll - StrToID : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed8b0
[IAT:Addr] (explorer.exe @ cryptnet.dll) DUI70.dll - InitProcessPriv : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbeda30
[IAT:Addr] (explorer.exe @ cryptnet.dll) DUI70.dll - InitThread : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbeda50
[IAT:Addr] (explorer.exe @ cryptnet.dll) DUI70.dll - UnInitThread : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbeda70
[IAT:Addr] (explorer.exe @ cryptnet.dll) DUI70.dll - UnInitProcessPriv : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbeda90
[IAT:Addr] (explorer.exe @ cryptnet.dll) api-ms-win-service-management-l1-1-0.dll - OpenServiceW : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbef0c0
[IAT:Addr] (explorer.exe @ cryptnet.dll) api-ms-win-service-management-l1-1-0.dll - OpenSCManagerW : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbef0a0
[IAT:Addr] (explorer.exe @ cryptnet.dll) api-ms-win-service-management-l1-1-0.dll - CloseServiceHandle : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbef000
[IAT:Addr] (explorer.exe @ cryptnet.dll) api-ms-win-service-winsvc-l1-2-0.dll - QueryServiceStatus : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbef0e0
[IAT:Addr] (explorer.exe @ cryptnet.dll) api-ms-win-service-management-l2-1-0.dll - QueryServiceConfigW : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbef200
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-core-winrt-error-l1-1-1.dll - SetRestrictedErrorInfo : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f5f0
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-power-base-l1-1-0.dll - PowerRegisterSuspendResumeNotification : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f680
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-power-base-l1-1-0.dll - PowerUnregisterSuspendResumeNotification : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f750
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-service-management-l2-1-0.dll - QueryServiceStatusEx : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f810
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjectProperties : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f950
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjectProperties : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f8c0
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f970
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f990
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-core-psm-appnotify-l1-1-0.dll - UnregisterAppStateChangeNotification : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67fa40
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-core-psm-appnotify-l1-1-0.dll - RegisterAppStateChangeNotification : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f9b0
[IAT:Addr] (explorer.exe @ taskschd.dll) ext-ms-win-session-winsta-l1-1-0.dll - WinStationFreePropertyValue : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67fb60
[IAT:Addr] (explorer.exe @ taskschd.dll) ext-ms-win-session-winsta-l1-1-0.dll - WinStationGetConnectionProperty : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67fad0

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] 349e38587d586de91a46bf864a56e4dd
[BSP] a4a8aa4dd53b613db3654ee9f099e922 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK


Tigzy (Administrator)
« Reply #19 on: November 28, 2014, 08:16:06 am »
Names look legit, they'll be added to the whitelist. Thanks.

ryderjj89
« Reply #20 on: December 29, 2014, 10:18:43 pm »
Hey, found that the latest RK as of 12/23/2014 is marking ChicaPC as TR.Zeus. This is an AV program similar to Malwarebytes. Please whitelist.

http://i.imgur.com/wIarvTx.png Screenshot to show it's being killed during pre-scan.

Tigzy (Administrator)
« Reply #21 on: December 30, 2014, 09:08:38 am »
ryderjj89
Can you please post the text report line instead? Easier to whitelist.

ryderjj89
« Reply #22 on: December 31, 2014, 02:52:48 am »
Is this what you're looking for?

[Tr.Zeus] cpcs.exe -- C:\Program Files (x86)\ChicaLogic\ChicaPC-Shield\cpcs.exe[7] -> Killed [DrvNtTerm]

I noticed that RK will only kill ChicaPC if it's in the middle of a scan. Tested it without running a scan and it didn't touch it.

Tigzy (Administrator)
« Reply #23 on: December 31, 2014, 09:15:30 am »
Thanks, that'll be added :)

Quote
I noticed that RK will only kill ChicaPC if it's in the middle of a scan. Tested it without running a scan and it didn't touch it.
Who is scanning? RK or ChicaPC?

That's "normal", it's an antivirus, and we probably have the same signature for Zeus, so when it loads its database in memory, RK will scan it (process memory) and will detect the signature... Definitely an "antivirus conflict".

ryderjj89
« Reply #24 on: December 31, 2014, 09:42:26 pm »
If Chica is already in a scan and then I start a scan with RogueKiller, it will kill Chica. This behavior is also recent. Before version 10, it wouldn't do this. I'm guessing because of signature additions, maybe? Either way, be nice if they would play nice together lol.

Tigzy (Administrator)
« Reply #25 on: January 02, 2015, 09:03:42 am »
Yes, it's fixed for next version.

ryderjj89
« Reply #26 on: February 18, 2015, 09:11:53 pm »
Now that RK has been updated to 10.4, it is falsely closing out LogMeIn Rescue during the pre-scan. Would like this to be whitelisted please. Here's a picture of what was found in the pre-scan.

http://i.imgur.com/O0r9Ann.png

I will get the log from the report here in a little bit and edit this post. Just figured I'd make a preemptive strike.

nitrousable
« Reply #27 on: February 19, 2015, 01:35:30 am »
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) MF.dll - MFGetService : C:\Windows\SysWOW64\MFCORE.DLL @ 0x6c68f090
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68

Curson (Global Moderator)
« Reply #28 on: February 19, 2015, 04:38:49 pm »
Hi nitrousable,

These false positives will be whitelisted in the next version of RogueKiller.

Regards.
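
A triage sketch for report lines like the ones posted in this thread, added here as an example and not part of any post or of RogueKiller itself: it parses the hook lines, drops exact repeats, and groups what is left by process and hook target. The line grammar is inferred from the posted lines, and the three class labels are assumptions for illustration, not RogueKiller's whitelist logic.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Grammar inferred from the hook lines posted in this thread (an assumption,
# not an official RogueKiller format specification).
LINE_RE = re.compile(
    r"^\[(?P<table>IAT|IRP):(?P<mode>Addr|Inl)(?:\([^)]*\))?\]\s+"
    r"(?:\((?P<process>[^@)]+?)(?:\s*@\s*(?P<importer>[^)]+))?\)\s+)?"
    r"(?P<owner>.+?) - (?P<symbol>\S+) : (?P<target>.+?) @ (?P<addr>0x[0-9a-fA-F]+)"
    r"(?: \(jmp 0x[0-9a-fA-F]+\))?\s*$"
)

# Hypothetical triage classes, keyed on where the hooked pointer lands.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


class Hook(NamedTuple):
    table: str               # IAT or IRP
    mode: str                # Addr (pointer replaced) or Inl (inline jump)
    process: Optional[str]   # e.g. chrome.exe; None for driver IRP tables
    importer: Optional[str]  # module whose import table holds the entry
    owner: str               # DLL or driver the symbol nominally belongs to
    symbol: str
    target: str              # module the pointer actually resolves to
    addr: int


def parse_line(line: str) -> Optional[Hook]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Hook(m["table"], m["mode"], m["process"], m["importer"],
                m["owner"], m["symbol"], m["target"], int(m["addr"], 16))


def classify(hook: Hook) -> str:
    target = hook.target.lower()
    if target == "unknown":
        return "unresolved"          # address not attributed to any module
    if target.startswith(SYSTEM_DIRS):
        return "system-module"       # lands in a Windows system directory
    return "third-party-module"      # vendor DLL: verify publisher and signature


def triage(report: str) -> dict:
    seen = set()
    symbols = defaultdict(set)
    classes = {}
    duplicates = unparsed = 0
    for line in report.splitlines():
        if not line.strip():
            continue
        hook = parse_line(line)
        if hook is None:
            unparsed += 1            # e.g. process-kill lines such as [Tr.Zeus]
            continue
        if hook in seen:
            duplicates += 1          # same entry reported again, e.g. per child process
            continue
        seen.add(hook)
        key = (hook.process or hook.owner, hook.target)
        symbols[key].add(f"{hook.owner}!{hook.symbol}")
        classes[key] = classify(hook)
    return {
        "classes": classes,
        "symbols": {k: sorted(v) for k, v in symbols.items()},
        "duplicates": duplicates,
        "unparsed": unparsed,
    }


# Sample input: lines copied from reports posted in this thread.
SAMPLE_REPORT = r"""
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_CREATE[0] : Unknown @ 0x40a0c2c0
[IAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\Windows\SYSTEM32\clbcatq.dll @ 0x7fff606c24b0
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) MF.dll - MFGetService : C:\Windows\SysWOW64\MFCORE.DLL @ 0x6c68f090
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[Tr.Zeus] cpcs.exe -- C:\Program Files (x86)\ChicaLogic\ChicaPC-Shield\cpcs.exe[7] -> Killed [DrvNtTerm]
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for key, cls in result["classes"].items():
        print(f"{cls:20} {key[0]} -> {key[1]}: {', '.join(result['symbols'][key])}")
    print(f"duplicates dropped: {result['duplicates']}, unparsed lines: {result['unparsed']}")
```
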

nitrousable
« Reply #29 on: February 20, 2015, 04:17:41 am »
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - WinExec : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38500 (jmp 0xfffffffff84984ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - ShellExecuteW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d385c0 (jmp 0xfffffffff84c858a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d356f0 (jmp 0xfffffffff84656ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - InternetReadFile : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d37cc0 (jmp 0xfffffffff8677c8a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - InternetReadFileExW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d37da0 (jmp 0xfffffffff86a7d6a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - HttpOpenRequestW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d37460 (jmp 0xfffffffff85b742a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - HttpSendRequestExW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d378b0 (jmp 0xfffffffff873787a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - HttpSendRequestW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d376b0 (jmp 0xfffffffff86d767a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - InternetOpenUrlW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d37a90 (jmp 0xfffffffff8617a5a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - ShellExecuteW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d385c0 (jmp 0xfffffffff84c858a)