GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-19 02:43:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBFO
Running: lu1g1nhn.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kwddypod.sys

---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtOpenThread + 6 77914B1A 4 Bytes [68, 01, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtOpenThread + B 77914B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtOpenThreadToken + 6 77914B2A 4 Bytes [68, 02, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtOpenThreadToken + B 77914B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtOpenThreadTokenEx + 6 77914B3A 4 Bytes CALL 76919141 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtOpenThreadTokenEx + B 77914B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtQueryAttributesFile + 6 77914BCA 4 Bytes [A8, 00, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtQueryAttributesFile + B 77914BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtQueryFullAttributesFile + 6 77914C7A 4 Bytes CALL 7691927F C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtQueryFullAttributesFile + B 77914C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtSetInformationFile + 6 7791515A 4 Bytes [28, 01, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtSetInformationFile + B 7791515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtSetInformationThread + 6 779151AA 4 Bytes [28, 02, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtSetInformationThread + B 779151AF 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 4 Bytes [68, 03, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtUnmapViewOfSection + B 7791544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtCreateFile + 6 7791424A 4 Bytes [28, 00, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtCreateFile + B 7791424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtMapViewOfSection + 6 7791499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtMapViewOfSection + 6 7791499A 4 Bytes [28, 03, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtMapViewOfSection + B 7791499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtOpenFile + 6 77914A2A 4 Bytes [68, 00, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtOpenFile + B 77914A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtOpenProcess + 6 77914AAA 4 Bytes [A8, 01, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtOpenProcess + B 77914AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtOpenProcessToken + 6 77914ABA 4 Bytes CALL 769168C0 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtOpenProcessToken + B 77914ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtOpenProcessTokenEx + 6 77914ACA 4 Bytes [A8, 02, 1E, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtOpenProcessTokenEx + B 77914ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtOpenThread + 6 77914B1A 4 Bytes [68, 01, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtOpenThread + B 77914B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtOpenThreadToken + 6 77914B2A 4 Bytes [68, 02, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtOpenThreadToken + B 77914B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtOpenThreadTokenEx + 6 77914B3A 4 Bytes CALL 76916941 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtOpenThreadTokenEx + B 77914B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtQueryAttributesFile + 6 77914BCA 4 Bytes [A8, 00, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtQueryAttributesFile + B 77914BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtQueryFullAttributesFile + 6 77914C7A 4 Bytes CALL 76916A7F C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtQueryFullAttributesFile + B 77914C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtSetInformationFile + 6 7791515A 4 Bytes [28, 01, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtSetInformationFile + B 7791515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtSetInformationThread + 6 779151AA 4 Bytes [28, 02, 1E, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtSetInformationThread + B 779151AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 4 Bytes [68, 03, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4416] ntdll.dll!NtUnmapViewOfSection + B 7791544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateFile + 6 7791424A 4 Bytes [28, 00, 24, 00] {SUB [EAX], AL; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateFile + B 7791424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection + 6 7791499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection + 6 7791499A 4 Bytes [28, 03, 24, 00] {SUB [EBX], AL; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection + B 7791499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenFile + 6 77914A2A 4 Bytes [68, 00, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenFile + B 77914A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcess + 6 77914AAA 4 Bytes [A8, 01, 24, 00] {TEST AL, 0x1; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcess + B 77914AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessToken + 6 77914ABA 4 Bytes CALL 76916EC0 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessToken + B 
77914ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessTokenEx + 6 77914ACA 4 Bytes [A8, 02, 24, 00] {TEST AL, 0x2; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessTokenEx + B 77914ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThread + 6 77914B1A 4 Bytes [68, 01, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThread + B 77914B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadToken + 6 77914B2A 4 Bytes [68, 02, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadToken + B 77914B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadTokenEx + 6 77914B3A 4 Bytes CALL 76916F41 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadTokenEx + B 77914B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryAttributesFile + 6 77914BCA 4 Bytes [A8, 00, 24, 00] {TEST AL, 0x0; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryAttributesFile + B 77914BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryFullAttributesFile + 6 77914C7A 4 Bytes CALL 7691707F C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryFullAttributesFile + B 77914C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationFile + 6 7791515A 4 Bytes [28, 01, 24, 00] {SUB [ECX], AL; AND AL, 0x0} .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationFile + B 7791515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationThread + 6 779151AA 4 Bytes [28, 02, 24, 00] {SUB [EDX], AL; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationThread + B 779151AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 4 Bytes [68, 03, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + B 7791544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + 6 7791424A 4 Bytes [28, 00, 2A, 00] {SUB [EAX], AL; SUB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + B 7791424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + 6 7791499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + 6 7791499A 4 Bytes [28, 03, 2A, 00] {SUB [EBX], AL; SUB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + B 7791499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + 6 77914A2A 4 Bytes [68, 00, 2A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + B 77914A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + 6 77914AAA 4 Bytes [A8, 01, 2A, 00] {TEST AL, 0x1; SUB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + B 77914AAF 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + 6 77914ABA 4 Bytes CALL 769174C0 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + B 77914ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + 6 77914ACA 4 Bytes [A8, 02, 2A, 00] {TEST AL, 0x2; SUB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + B 77914ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + 6 77914B1A 4 Bytes [68, 01, 2A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + B 77914B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + 6 77914B2A 4 Bytes [68, 02, 2A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + B 77914B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + 6 77914B3A 4 Bytes CALL 76917541 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + B 77914B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + 6 77914BCA 4 Bytes [A8, 00, 2A, 00] {TEST AL, 0x0; SUB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + B 77914BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryFullAttributesFile + 6 77914C7A 4 Bytes CALL 7691767F C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryFullAttributesFile + B 77914C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + 6 7791515A 4 Bytes [28, 01, 2A, 00] {SUB [ECX], AL; SUB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + B 7791515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + 6 779151AA 4 Bytes [28, 02, 2A, 00] {SUB [EDX], AL; SUB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + B 779151AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 4 Bytes [68, 03, 2A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + B 7791544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtCreateFile + 6 7791424A 4 Bytes [28, 00, 0B, 00] {SUB [EAX], AL; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtCreateFile + B 7791424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtMapViewOfSection + 6 7791499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtMapViewOfSection + 6 7791499A 4 Bytes [28, 03, 0B, 00] {SUB [EBX], AL; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtMapViewOfSection + B 7791499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenFile + 6 77914A2A 4 Bytes [68, 00, 0B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenFile + B 77914A2F 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcess + 6 77914AAA 4 Bytes [A8, 01, 0B, 00] {TEST AL, 0x1; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcess + B 77914AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessToken + 6 77914ABA 4 Bytes CALL 769155C0 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessToken + B 77914ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessTokenEx + 6 77914ACA 4 Bytes [A8, 02, 0B, 00] {TEST AL, 0x2; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessTokenEx + B 77914ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThread + 6 77914B1A 4 Bytes [68, 01, 0B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThread + B 77914B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadToken + 6 77914B2A 4 Bytes [68, 02, 0B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadToken + B 77914B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadTokenEx + 6 77914B3A 4 Bytes CALL 76915641 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadTokenEx + B 77914B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtQueryAttributesFile + 6 77914BCA 4 Bytes [A8, 00, 0B, 00] {TEST AL, 0x0; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] 
ntdll.dll!NtQueryAttributesFile + B 77914BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtQueryFullAttributesFile + 6 77914C7A 4 Bytes CALL 7691577F C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtQueryFullAttributesFile + B 77914C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationFile + 6 7791515A 4 Bytes [28, 01, 0B, 00] {SUB [ECX], AL; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationFile + B 7791515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationThread + 6 779151AA 4 Bytes [28, 02, 0B, 00] {SUB [EDX], AL; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationThread + B 779151AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 4 Bytes [68, 03, 0B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtUnmapViewOfSection + B 7791544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtCreateFile + 6 7791424A 4 Bytes [28, 00, 32, 00] {SUB [EAX], AL; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtCreateFile + B 7791424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtMapViewOfSection + 6 7791499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtMapViewOfSection + 6 7791499A 4 Bytes [28, 03, 32, 00] {SUB [EBX], AL; XOR AL, [EAX]} .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtMapViewOfSection + B 7791499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtOpenFile + 6 77914A2A 4 Bytes [68, 00, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtOpenFile + B 77914A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtOpenProcess + 6 77914AAA 4 Bytes [A8, 01, 32, 00] {TEST AL, 0x1; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtOpenProcess + B 77914AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtOpenProcessToken + 6 77914ABA 4 Bytes CALL 76917CC0 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtOpenProcessToken + B 77914ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtOpenProcessTokenEx + 6 77914ACA 4 Bytes [A8, 02, 32, 00] {TEST AL, 0x2; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtOpenProcessTokenEx + B 77914ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtOpenThread + 6 77914B1A 4 Bytes [68, 01, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtOpenThread + B 77914B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtOpenThreadToken + 6 77914B2A 4 Bytes [68, 02, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtOpenThreadToken + B 77914B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtOpenThreadTokenEx + 6 77914B3A 4 Bytes CALL 76917D41 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtOpenThreadTokenEx + B 77914B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtQueryAttributesFile + 6 77914BCA 4 Bytes [A8, 00, 32, 00] {TEST AL, 0x0; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtQueryAttributesFile + B 77914BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtQueryFullAttributesFile + 6 77914C7A 4 Bytes CALL 76917E7F C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtQueryFullAttributesFile + B 77914C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtSetInformationFile + 6 7791515A 4 Bytes [28, 01, 32, 00] {SUB [ECX], AL; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtSetInformationFile + B 7791515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtSetInformationThread + 6 779151AA 4 Bytes [28, 02, 32, 00] {SUB [EDX], AL; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtSetInformationThread + B 779151AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 4 Bytes [68, 03, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5852] ntdll.dll!NtUnmapViewOfSection + B 7791544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtCreateFile + 6 7791424A 4 Bytes [28, 00, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtCreateFile + B 7791424F 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtMapViewOfSection + 6 7791499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtMapViewOfSection + 6 7791499A 4 Bytes [28, 03, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtMapViewOfSection + B 7791499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenFile + 6 77914A2A 4 Bytes [68, 00, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenFile + B 77914A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcess + 6 77914AAA 4 Bytes [A8, 01, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcess + B 77914AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcessToken + 6 77914ABA 4 Bytes CALL 76918CC0 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcessToken + B 77914ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcessTokenEx + 6 77914ACA 4 Bytes [A8, 02, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcessTokenEx + B 77914ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThread + 6 77914B1A 4 Bytes [68, 01, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThread + B 77914B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadToken + 6 77914B2A 4 Bytes [68, 02, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadToken + B 77914B2F 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadTokenEx + 6 77914B3A 4 Bytes CALL 76918D41 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadTokenEx + B 77914B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryAttributesFile + 6 77914BCA 4 Bytes [A8, 00, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryAttributesFile + B 77914BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryFullAttributesFile + 6 77914C7A 4 Bytes CALL 76918E7F C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryFullAttributesFile + B 77914C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationFile + 6 7791515A 4 Bytes [28, 01, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationFile + B 7791515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationThread + 6 779151AA 4 Bytes [28, 02, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationThread + B 779151AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 4 Bytes [68, 03, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtUnmapViewOfSection + B 7791544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtCreateFile + 6 7791424A 4 Bytes [28, 00, 3A, 00] {SUB [EAX], AL; 
CMP AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtCreateFile + B 7791424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtMapViewOfSection + 6 7791499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtMapViewOfSection + 6 7791499A 4 Bytes [28, 03, 3A, 00] {SUB [EBX], AL; CMP AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtMapViewOfSection + B 7791499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtOpenFile + 6 77914A2A 4 Bytes [68, 00, 3A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtOpenFile + B 77914A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtOpenProcess + 6 77914AAA 4 Bytes [A8, 01, 3A, 00] {TEST AL, 0x1; CMP AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtOpenProcess + B 77914AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtOpenProcessToken + 6 77914ABA 4 Bytes CALL 769184C0 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtOpenProcessToken + B 77914ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtOpenProcessTokenEx + 6 77914ACA 4 Bytes [A8, 02, 3A, 00] {TEST AL, 0x2; CMP AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtOpenProcessTokenEx + B 77914ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtOpenThread + 6 77914B1A 4 Bytes [68, 01, 3A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtOpenThread + B 77914B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] 
ntdll.dll!NtOpenThreadToken + 6 77914B2A 4 Bytes [68, 02, 3A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtOpenThreadToken + B 77914B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtOpenThreadTokenEx + 6 77914B3A 4 Bytes CALL 76918541 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtOpenThreadTokenEx + B 77914B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtQueryAttributesFile + 6 77914BCA 4 Bytes [A8, 00, 3A, 00] {TEST AL, 0x0; CMP AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtQueryAttributesFile + B 77914BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtQueryFullAttributesFile + 6 77914C7A 4 Bytes CALL 7691867F C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtQueryFullAttributesFile + B 77914C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtSetInformationFile + 6 7791515A 4 Bytes [28, 01, 3A, 00] {SUB [ECX], AL; CMP AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtSetInformationFile + B 7791515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtSetInformationThread + 6 779151AA 4 Bytes [28, 02, 3A, 00] {SUB [EDX], AL; CMP AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtSetInformationThread + B 779151AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtUnmapViewOfSection + 6 
7791544A 4 Bytes [68, 03, 3A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5976] ntdll.dll!NtUnmapViewOfSection + B 7791544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtCreateFile + 6 7791424A 4 Bytes [28, 00, 22, 00] {SUB [EAX], AL; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtCreateFile + B 7791424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtMapViewOfSection + 6 7791499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtMapViewOfSection + 6 7791499A 4 Bytes [28, 03, 22, 00] {SUB [EBX], AL; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtMapViewOfSection + B 7791499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenFile + 6 77914A2A 4 Bytes [68, 00, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenFile + B 77914A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcess + 6 77914AAA 4 Bytes [A8, 01, 22, 00] {TEST AL, 0x1; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcess + B 77914AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcessToken + 6 77914ABA 4 Bytes CALL 76916CC0 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcessToken + B 77914ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcessTokenEx + 6 77914ACA 4 Bytes [A8, 02, 22, 00] {TEST AL, 0x2; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcessTokenEx + B 77914ACF 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThread + 6 77914B1A 4 Bytes [68, 01, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThread + B 77914B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThreadToken + 6 77914B2A 4 Bytes [68, 02, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThreadToken + B 77914B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThreadTokenEx + 6 77914B3A 4 Bytes CALL 76916D41 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThreadTokenEx + B 77914B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtQueryAttributesFile + 6 77914BCA 4 Bytes [A8, 00, 22, 00] {TEST AL, 0x0; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtQueryAttributesFile + B 77914BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtQueryFullAttributesFile + 6 77914C7A 4 Bytes CALL 76916E7F C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtQueryFullAttributesFile + B 77914C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtSetInformationFile + 6 7791515A 4 Bytes [28, 01, 22, 00] {SUB [ECX], AL; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtSetInformationFile + B 7791515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtSetInformationThread + 6 779151AA 4 Bytes [28, 02, 22, 00] {SUB [EDX], AL; AND AL, [EAX]} .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtSetInformationThread + B 779151AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 4 Bytes [68, 03, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtUnmapViewOfSection + B 7791544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtCreateFile + 6 7791424A 4 Bytes [28, 00, 39, 00] {SUB [EAX], AL; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtCreateFile + B 7791424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtMapViewOfSection + 6 7791499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtMapViewOfSection + 6 7791499A 4 Bytes [28, 03, 39, 00] {SUB [EBX], AL; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtMapViewOfSection + B 7791499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtOpenFile + 6 77914A2A 4 Bytes [68, 00, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtOpenFile + B 77914A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtOpenProcess + 6 77914AAA 4 Bytes [A8, 01, 39, 00] {TEST AL, 0x1; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtOpenProcess + B 77914AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtOpenProcessToken + 6 77914ABA 4 Bytes CALL 769183C0 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] 
ntdll.dll!NtOpenProcessToken + B 77914ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtOpenProcessTokenEx + 6 77914ACA 4 Bytes [A8, 02, 39, 00] {TEST AL, 0x2; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtOpenProcessTokenEx + B 77914ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtOpenThread + 6 77914B1A 4 Bytes [68, 01, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtOpenThread + B 77914B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtOpenThreadToken + 6 77914B2A 4 Bytes [68, 02, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtOpenThreadToken + B 77914B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtOpenThreadTokenEx + 6 77914B3A 4 Bytes CALL 76918441 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtOpenThreadTokenEx + B 77914B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtQueryAttributesFile + 6 77914BCA 4 Bytes [A8, 00, 39, 00] {TEST AL, 0x0; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtQueryAttributesFile + B 77914BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtQueryFullAttributesFile + 6 77914C7A 4 Bytes CALL 7691857F C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtQueryFullAttributesFile + B 77914C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtSetInformationFile + 6 7791515A 4 Bytes [28, 01, 39, 00] {SUB [ECX], AL; CMP 
[EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtSetInformationFile + B 7791515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtSetInformationThread + 6 779151AA 4 Bytes [28, 02, 39, 00] {SUB [EDX], AL; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtSetInformationThread + B 779151AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtUnmapViewOfSection + 6 7791544A 4 Bytes [68, 03, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6028] ntdll.dll!NtUnmapViewOfSection + B 7791544F 1 Byte [E2] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74797817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747DB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7479BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7478F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747975E9] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7478E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747C73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7479DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7478FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7478FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7481CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7478D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74786853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7478687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74792AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4328] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4416] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4844] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4956] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[5792] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program 
Files\Google\Chrome\Application\chrome.exe[5852] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[5884] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[5976] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[6012] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp ABTDI.sys ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37624cf2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a3648d Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a3648d@001a163389f4 0xB0 0xCA 0x99 0xB6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Bind Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Route Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Export Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Export Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37624cf2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37a3648d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37a3648d@001a163389f4 0xB0 0xCA 0x99 0xB6 ... Reg HKLM\SYSTEM\ControlSet002\Services\LanmanServer\Linkage@Bind