GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-10-19 14:25:10 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 Hitachi_HDS721616PLA380 rev.P22OA70A 153,39GB Running: 9rvdfb2j.exe; Driver: C:\Users\zby\AppData\Local\Temp\uwldypow.sys ---- System - GMER 2.1 ---- INT 0x62 ? 85C7BCC8 INT 0x72 ? 85C7BCC8 INT 0x82 ? 85C7BCC8 INT 0x92 ? 85C7BCC8 INT 0x92 ? 85C7BCC8 INT 0x92 ? 86D1ACC8 INT 0x92 ? 86D1ACC8 INT 0x92 ? 85C7BCC8 INT 0x93 ? 86D1ACC8 INT 0xA3 ? 86D1ACC8 INT 0xB3 ? 86D1ACC8 ---- Kernel code sections - GMER 2.1 ---- .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8A991346] ? C:\Windows\System32\Drivers\amqelxd0.SYS suspicious PE modification .text C:\Windows\system32\DRIVERS\athsgt.sys section is writeable [0x92FB2300, 0x21F20, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtCreateFile + 6 76F343DA 4 Bytes [28, 08, D0, 00] {SUB [EAX], CL; ROL BYTE [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtCreateFile + B 76F343DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtMapViewOfSection + 6 76F34B2A 4 Bytes [28, 0B, D0, 00] {SUB [EBX], CL; ROL BYTE [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtMapViewOfSection + B 76F34B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenFile + 6 76F34BBA 4 Bytes [68, 08, D0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenFile + B 76F34BBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcess + 6 76F34C3A 4 Bytes [A8, 09, D0, 00] {TEST AL, 0x9; ROL BYTE [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcess + B 76F34C3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessToken + 6 76F34C4A 4 Bytes CALL 75F41C58 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessToken + B 76F34C4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessTokenEx + 6 76F34C5A 4 Bytes [A8, 0A, D0, 00] {TEST AL, 0xa; ROL BYTE [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessTokenEx + B 76F34C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThread + 6 76F34CAA 4 Bytes [68, 09, D0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThread + B 76F34CAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadToken + 6 76F34CBA 4 Bytes [68, 0A, D0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadToken + B 76F34CBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadTokenEx + 6 76F34CCA 4 Bytes CALL 75F41CD9 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadTokenEx + B 76F34CCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryAttributesFile + 6 76F34D5A 4 Bytes [A8, 08, D0, 00] {TEST AL, 0x8; ROL BYTE [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryAttributesFile + B 76F34D5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryFullAttributesFile + 6 76F34E0A 4 Bytes CALL 75F41E17 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryFullAttributesFile + B 76F34E0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationFile + 6 76F352EA 4 Bytes [28, 09, D0, 00] {SUB [ECX], CL; ROL BYTE [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationFile + B 76F352EF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationThread + 6 76F3533A 4 Bytes [28, 0A, D0, 00] {SUB [EDX], CL; ROL BYTE [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationThread + B 76F3533F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtUnmapViewOfSection + 6 76F355DA 4 Bytes [68, 0B, D0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtUnmapViewOfSection + B 76F355DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtCreateFile + 6 76F343DA 4 Bytes [28, 50, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtCreateFile + B 76F343DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + 6 76F34B2A 4 Bytes [28, 53, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + B 76F34B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenFile + 6 76F34BBA 4 Bytes [68, 50, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenFile + B 76F34BBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcess + 6 76F34C3A 4 Bytes [A8, 51, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcess + B 76F34C3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessToken + 6 76F34C4A 4 Bytes CALL 75F3B4A0 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessToken + B 76F34C4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessTokenEx + 6 76F34C5A 4 Bytes [A8, 52, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessTokenEx + B 76F34C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThread + 6 76F34CAA 4 Bytes [68, 51, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThread + B 76F34CAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadToken + 6 76F34CBA 4 Bytes [68, 52, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadToken + B 76F34CBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadTokenEx + 6 76F34CCA 4 Bytes CALL 75F3B521 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadTokenEx + B 76F34CCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryAttributesFile + 6 76F34D5A 4 Bytes [A8, 50, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryAttributesFile + B 76F34D5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryFullAttributesFile + 6 76F34E0A 4 Bytes CALL 75F3B65F C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryFullAttributesFile + B 76F34E0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationFile + 6 76F352EA 4 Bytes [28, 51, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationFile + B 76F352EF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationThread + 6 76F3533A 4 Bytes [28, 52, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationThread + B 76F3533F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + 6 76F355DA 4 Bytes [68, 53, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + B 76F355DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtCreateFile + 6 76F343DA 4 Bytes [28, 9C, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtCreateFile + B 76F343DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtMapViewOfSection + 6 76F34B2A 4 Bytes [28, 9F, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtMapViewOfSection + B 76F34B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtOpenFile + 6 76F34BBA 4 Bytes [68, 9C, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtOpenFile + B 76F34BBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtOpenProcess + 6 76F34C3A 4 Bytes [A8, 9D, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtOpenProcess + B 76F34C3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtOpenProcessToken + 6 76F34C4A 4 Bytes CALL 75F444EC C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtOpenProcessToken + B 76F34C4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtOpenProcessTokenEx + 6 76F34C5A 4 Bytes [A8, 9E, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtOpenProcessTokenEx + B 76F34C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtOpenThread + 6 76F34CAA 4 Bytes [68, 9D, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtOpenThread + B 76F34CAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtOpenThreadToken + 6 76F34CBA 4 Bytes [68, 9E, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtOpenThreadToken + B 76F34CBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtOpenThreadTokenEx + 6 76F34CCA 4 Bytes CALL 75F4456D C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtOpenThreadTokenEx + B 76F34CCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtQueryAttributesFile + 6 76F34D5A 4 Bytes [A8, 9C, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtQueryAttributesFile + B 76F34D5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtQueryFullAttributesFile + 6 76F34E0A 4 Bytes CALL 75F446AB C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtQueryFullAttributesFile + B 76F34E0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtSetInformationFile + 6 76F352EA 4 Bytes [28, 9D, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtSetInformationFile + B 76F352EF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtSetInformationThread + 6 76F3533A 4 Bytes [28, 9E, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtSetInformationThread + B 76F3533F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtUnmapViewOfSection + 6 76F355DA 4 Bytes [68, 9F, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!NtUnmapViewOfSection + B 76F355DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtCreateFile + 6 76F343DA 4 Bytes [28, 18, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtCreateFile + B 76F343DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtMapViewOfSection + 6 76F34B2A 4 Bytes [28, 1B, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtMapViewOfSection + B 76F34B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenFile + 6 76F34BBA 4 Bytes [68, 18, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenFile + B 76F34BBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenProcess + 6 76F34C3A 4 Bytes [A8, 19, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenProcess + B 76F34C3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenProcessToken + 6 76F34C4A 4 Bytes CALL 75F36A68 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenProcessToken + B 76F34C4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenProcessTokenEx + 6 76F34C5A 4 Bytes [A8, 1A, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenProcessTokenEx + B 76F34C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenThread + 6 76F34CAA 4 Bytes [68, 19, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenThread + B 76F34CAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenThreadToken + 6 76F34CBA 4 Bytes [68, 1A, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenThreadToken + B 76F34CBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenThreadTokenEx + 6 76F34CCA 4 Bytes CALL 75F36AE9 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenThreadTokenEx + B 76F34CCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtQueryAttributesFile + 6 76F34D5A 4 Bytes [A8, 18, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtQueryAttributesFile + B 76F34D5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtQueryFullAttributesFile + 6 76F34E0A 4 Bytes CALL 75F36C27 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtQueryFullAttributesFile + B 76F34E0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtSetInformationFile + 6 76F352EA 4 Bytes [28, 19, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtSetInformationFile + B 76F352EF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtSetInformationThread + 6 76F3533A 4 Bytes [28, 1A, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtSetInformationThread + B 76F3533F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtUnmapViewOfSection + 6 76F355DA 4 Bytes [68, 1B, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtUnmapViewOfSection + B 76F355DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtCreateFile + 6 76F343DA 4 Bytes [28, 2C, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtCreateFile + B 76F343DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtMapViewOfSection + 6 76F34B2A 4 Bytes [28, 2F, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtMapViewOfSection + B 76F34B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenFile + 6 76F34BBA 4 Bytes [68, 2C, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenFile + B 76F34BBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcess + 6 76F34C3A 4 Bytes [A8, 2D, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcess + B 76F34C3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcessToken + 6 76F34C4A 4 Bytes CALL 75F4367C C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcessToken + B 76F34C4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcessTokenEx + 6 76F34C5A 4 Bytes [A8, 2E, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcessTokenEx + B 76F34C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThread + 6 76F34CAA 4 Bytes [68, 2D, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThread + B 76F34CAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThreadToken + 6 76F34CBA 4 Bytes [68, 2E, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThreadToken + B 76F34CBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThreadTokenEx + 6 76F34CCA 4 Bytes CALL 75F436FD C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThreadTokenEx + B 76F34CCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtQueryAttributesFile + 6 76F34D5A 4 Bytes [A8, 2C, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtQueryAttributesFile + B 76F34D5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtQueryFullAttributesFile + 6 76F34E0A 4 Bytes CALL 75F4383B C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtQueryFullAttributesFile + B 76F34E0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtSetInformationFile + 6 76F352EA 4 Bytes [28, 2D, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtSetInformationFile + B 76F352EF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtSetInformationThread + 6 76F3533A 4 Bytes [28, 2E, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtSetInformationThread + B 76F3533F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtUnmapViewOfSection + 6 76F355DA 4 Bytes [68, 2F, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtUnmapViewOfSection + B 76F355DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtCreateFile + 6 76F343DA 4 Bytes [28, 84, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtCreateFile + B 76F343DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtMapViewOfSection + 6 76F34B2A 4 Bytes [28, 87, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtMapViewOfSection + B 76F34B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenFile + 6 76F34BBA 4 Bytes [68, 84, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenFile + B 76F34BBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcess + 6 76F34C3A 4 Bytes [A8, 85, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcess + B 76F34C3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessToken + 6 76F34C4A 4 Bytes CALL 75F3EAD4 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessToken + B 76F34C4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessTokenEx + 6 76F34C5A 4 Bytes [A8, 86, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessTokenEx + B 76F34C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThread + 6 76F34CAA 4 Bytes [68, 85, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThread + B 76F34CAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadToken + 6 76F34CBA 4 Bytes [68, 86, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadToken + B 76F34CBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadTokenEx + 6 76F34CCA 4 Bytes CALL 75F3EB55 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadTokenEx + B 76F34CCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryAttributesFile + 6 76F34D5A 4 Bytes [A8, 84, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryAttributesFile + B 76F34D5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryFullAttributesFile + 6 76F34E0A 4 Bytes CALL 75F3EC93 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryFullAttributesFile + B 76F34E0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationFile + 6 76F352EA 4 Bytes [28, 85, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationFile + B 76F352EF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationThread + 6 76F3533A 4 Bytes [28, 86, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationThread + B 76F3533F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtUnmapViewOfSection + 6 76F355DA 4 Bytes [68, 87, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtUnmapViewOfSection + B 76F355DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtCreateFile + 6 76F343DA 4 Bytes [28, 74, 7F, 00] {SUB [EDI+EDI*2+0x0], DH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtCreateFile + B 76F343DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtMapViewOfSection + 6 76F34B2A 4 Bytes [28, 77, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtMapViewOfSection + B 76F34B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenFile + 6 76F34BBA 4 Bytes [68, 74, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenFile + B 76F34BBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenProcess + 6 76F34C3A 4 Bytes [A8, 75, 7F, 00] {TEST AL, 0x75; JG 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenProcess + B 76F34C3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenProcessToken + 6 76F34C4A 4 Bytes CALL 75F3CBC4 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenProcessToken + B 76F34C4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenProcessTokenEx + 6 76F34C5A 4 Bytes [A8, 76, 7F, 00] {TEST AL, 0x76; JG 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenProcessTokenEx + B 76F34C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenThread + 6 76F34CAA 4 Bytes [68, 75, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenThread + B 76F34CAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenThreadToken + 6 76F34CBA 4 Bytes [68, 76, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenThreadToken + B 76F34CBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenThreadTokenEx + 6 76F34CCA 4 Bytes CALL 75F3CC45 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenThreadTokenEx + B 76F34CCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtQueryAttributesFile + 6 76F34D5A 4 Bytes [A8, 74, 7F, 00] {TEST AL, 0x74; JG 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtQueryAttributesFile + B 76F34D5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtQueryFullAttributesFile + 6 76F34E0A 4 Bytes CALL 75F3CD83 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtQueryFullAttributesFile + B 76F34E0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtSetInformationFile + 6 76F352EA 4 Bytes [28, 75, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtSetInformationFile + B 76F352EF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtSetInformationThread + 6 76F3533A 4 Bytes [28, 76, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtSetInformationThread + B 76F3533F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtUnmapViewOfSection + 6 76F355DA 4 Bytes [68, 77, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtUnmapViewOfSection + B 76F355DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtCreateFile + 6 76F343DA 4 Bytes [28, 3C, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtCreateFile + B 76F343DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtMapViewOfSection + 6 76F34B2A 4 Bytes [28, 3F, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtMapViewOfSection + B 76F34B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenFile + 6 76F34BBA 4 Bytes [68, 3C, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenFile + B 76F34BBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcess + 6 76F34C3A 4 Bytes [A8, 3D, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcess + B 76F34C3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcessToken + 6 76F34C4A 4 Bytes CALL 75F43D8C C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcessToken + B 76F34C4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcessTokenEx + 6 76F34C5A 4 Bytes [A8, 3E, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcessTokenEx + B 76F34C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThread + 6 76F34CAA 4 Bytes [68, 3D, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThread + B 76F34CAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThreadToken + 6 76F34CBA 4 Bytes [68, 3E, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThreadToken + B 76F34CBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThreadTokenEx + 6 76F34CCA 4 Bytes CALL 75F43E0D C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThreadTokenEx + B 76F34CCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtQueryAttributesFile + 6 76F34D5A 4 Bytes [A8, 3C, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtQueryAttributesFile + B 76F34D5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtQueryFullAttributesFile + 6 76F34E0A 4 Bytes CALL 75F43F4B C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtQueryFullAttributesFile + B 76F34E0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtSetInformationFile + 6 76F352EA 4 Bytes [28, 3D, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtSetInformationFile + B 76F352EF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtSetInformationThread + 6 76F3533A 4 Bytes [28, 3E, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtSetInformationThread + B 76F3533F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtUnmapViewOfSection + 6 76F355DA 4 Bytes [68, 3F, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtUnmapViewOfSection + B 76F355DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtCreateFile + 6 76F343DA 4 Bytes [28, 5C, 22, 00] {SUB [EDX+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtCreateFile + B 76F343DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtMapViewOfSection + 6 76F34B2A 4 Bytes [28, 5F, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtMapViewOfSection + B 76F34B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtOpenFile + 6 76F34BBA 4 Bytes [68, 5C, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtOpenFile + B 76F34BBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtOpenProcess + 6 76F34C3A 4 Bytes [A8, 5D, 22, 00] {TEST AL, 0x5d; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtOpenProcess + B 76F34C3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtOpenProcessToken + 6 76F34C4A 4 Bytes CALL 75F36EAC C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtOpenProcessToken + B 76F34C4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtOpenProcessTokenEx + 6 76F34C5A 4 Bytes [A8, 5E, 22, 00] {TEST AL, 0x5e; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtOpenProcessTokenEx + B 76F34C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtOpenThread + 6 76F34CAA 4 Bytes [68, 5D, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtOpenThread + B 76F34CAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtOpenThreadToken + 6 76F34CBA 4 Bytes [68, 5E, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtOpenThreadToken + B 76F34CBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtOpenThreadTokenEx + 6 76F34CCA 4 Bytes CALL 75F36F2D C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtOpenThreadTokenEx + B 76F34CCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtQueryAttributesFile + 6 76F34D5A 4 Bytes [A8, 5C, 22, 00] {TEST AL, 0x5c; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtQueryAttributesFile + B 76F34D5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtQueryFullAttributesFile + 6 76F34E0A 4 Bytes CALL 75F3706B C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtQueryFullAttributesFile + B 76F34E0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtSetInformationFile + 6 76F352EA 4 Bytes [28, 5D, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtSetInformationFile + B 76F352EF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtSetInformationThread + 6 76F3533A 4 Bytes [28, 5E, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtSetInformationThread + B 76F3533F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtUnmapViewOfSection + 6 76F355DA 4 Bytes [68, 5F, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3344] ntdll.dll!NtUnmapViewOfSection + B 76F355DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtCreateFile + 6 76F343DA 4 Bytes [28, 24, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtCreateFile + B 76F343DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtMapViewOfSection + 6 76F34B2A 4 Bytes [28, 27, DD, 00] {SUB [EDI], AH; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtMapViewOfSection + B 76F34B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenFile + 6 76F34BBA 4 Bytes [68, 24, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenFile + B 76F34BBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenProcess + 6 76F34C3A 4 Bytes [A8, 25, DD, 00] {TEST AL, 0x25; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenProcess + B 76F34C3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenProcessToken + 6 76F34C4A 4 Bytes CALL 75F42974 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenProcessToken + B 76F34C4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenProcessTokenEx + 6 76F34C5A 4 Bytes [A8, 26, DD, 00] {TEST AL, 0x26; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenProcessTokenEx + B 76F34C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenThread + 6 76F34CAA 4 Bytes [68, 25, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenThread + B 76F34CAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenThreadToken + 6 76F34CBA 4 Bytes [68, 26, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenThreadToken + B 76F34CBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenThreadTokenEx + 6 76F34CCA 4 Bytes CALL 75F429F5 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenThreadTokenEx + B 76F34CCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtQueryAttributesFile + 6 76F34D5A 4 Bytes [A8, 24, DD, 00] {TEST AL, 0x24; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtQueryAttributesFile + B 76F34D5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtQueryFullAttributesFile + 6 76F34E0A 4 Bytes CALL 75F42B33 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtQueryFullAttributesFile + B 76F34E0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtSetInformationFile + 6 76F352EA 4 Bytes [28, 25, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtSetInformationFile + B 76F352EF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtSetInformationThread + 6 76F3533A 4 Bytes [28, 26, DD, 00] {SUB [ESI], AH; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtSetInformationThread + B 76F3533F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtUnmapViewOfSection + 6 76F355DA 4 Bytes [68, 27, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtUnmapViewOfSection + B 76F355DF 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73F47817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F9A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73F4BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F3F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73F475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F3E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73F78395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73F4DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F3FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F3FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73FCCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73F6C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F3D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F36853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F3687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73F42AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 85C821F8 Device \Driver\usbuhci \Device\USBPDO-0 86E481F8 Device \Driver\usbuhci \Device\USBPDO-1 86E481F8 Device \Driver\usbuhci \Device\USBPDO-2 86E481F8 Device \Driver\usbuhci \Device\USBPDO-3 86E481F8 Device \Driver\usbehci \Device\USBPDO-4 86ED21F8 Device \Driver\cdrom \Device\CdRom0 86D1D1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 85C811F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 sfsync02.sys Device \Driver\atapi \Device\Ide\IdePort0 85C811F8 Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 85C811F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 sfsync02.sys Device \Driver\atapi \Device\Ide\IdePort1 85C811F8 Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys Device \Driver\atapi \Device\Ide\IdePort2 85C811F8 Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys Device \Driver\atapi \Device\Ide\IdePort3 85C811F8 Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys Device \Driver\atapi \Device\Ide\IdePort4 85C811F8 Device \Driver\atapi \Device\Ide\IdePort4 sfsync02.sys Device \Driver\atapi \Device\Ide\IdePort5 85C811F8 Device \Driver\atapi \Device\Ide\IdePort5 sfsync02.sys Device \Driver\cdrom \Device\CdRom1 86D1D1F8 Device \Driver\PCI_PNP8418 \Device\00000073 sptd.sys Device \Driver\PCI_PNP8418 \Device\00000073 sptd.sys Device \Driver\cdrom \Device\CdRom2 86D1D1F8 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 86FA11F8 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl sfsync02.sys Device \Driver\netbt \Device\NetBt_Wins_Export 874731F8 Device \Driver\dtsoftbus01 \Device\00000084 86FA11F8 Device \Driver\dtsoftbus01 \Device\00000084 sfsync02.sys Device \Driver\Smb \Device\NetbiosSmb 874721F8 Device \Driver\iScsiPrt \Device\RaidPort0 86D411F8 Device \Driver\usbuhci \Device\USBFDO-0 86E481F8 Device \Driver\usbuhci \Device\USBFDO-1 86E481F8 Device \Driver\usbuhci \Device\USBFDO-2 86E481F8 Device \Driver\usbuhci \Device\USBFDO-3 86E481F8 Device \Driver\usbehci \Device\USBFDO-4 86ED21F8 Device \Driver\netbt \Device\NetBT_Tcpip_{372F46BA-D434-4C58-A643-E459086B2A08} 874731F8 Device \Driver\netbt \Device\NetBT_Tcpip_{500E8F66-043A-441A-8028-FF20A95C1AA9} 874731F8 Device \Driver\amqelxd0 \Device\Scsi\amqelxd01Port7Path0Target0Lun0 86D2A1F8 Device \Driver\amqelxd0 \Device\Scsi\amqelxd01Port7Path0Target0Lun0 sfsync02.sys Device \Driver\amqelxd0 \Device\Scsi\amqelxd01 86D2A1F8 Device \Driver\amqelxd0 \Device\Scsi\amqelxd01 sfsync02.sys Device \FileSystem\cdfs \Cdfs 87C3D1F8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1C 0xC2 0x1C 0x18 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x51 0x91 0x6E 0xE4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE0 0x9B 0x79 0x70 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x92 0x8A 0x9A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Daemon\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC1 0x61 0xA8 0x67 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x92 0x8A 0x9A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1C 0xC2 0x1C 0x18 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x51 0x91 0x6E 0xE4 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE0 0x9B 0x79 0x70 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x92 0x8A 0x9A ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Daemon\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) ---- EOF - GMER 2.1 ----