GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-04 16:54:33 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS723225L9A362 rev.FCDOC30F 232,89GB Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uglyipog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x914BBA9C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x914BC57A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x914C85C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x914C8610] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x914C87AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x914C8532] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x915726C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x914C857A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0x914BCAB0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x914BCCCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x914C8764] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x914BD368] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x914BBB02] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x914C0B3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x914BB6EE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x915727A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x914BBB68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x914C0F32] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x914BDE50] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x914C85EE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x914C8632] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x914C87CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x914C8558] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x914C0436] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x914C86E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x914C85A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x914C081E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x914C8788] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x91572546] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x914BDCC4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x914BD9D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x914BBBCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x914BBC34] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x9157289E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x914BB788] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x914BB95A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x914BB8E8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x914BD532] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x914BD694] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x914BB9E2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x91572614] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x914BD1C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x914BBC9A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x914BC5D6] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C8DA15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC7212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CCE460 4 Bytes [9C, BA, 4B, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82CCE4E8 4 Bytes [7A, C5, 4B, 91] {JP 0xffffffc7; DEC EBX; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82CCE53C 8 Bytes [C4, 85, 4C, 91, 10, 86, 4C, ...] {LES EAX, [EBP-0x79ef6eb4]; DEC ESP; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82CCE548 4 Bytes [AA, 87, 4C, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82CCE564 4 Bytes [32, 85, 4C, 91] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E894DF 4 Bytes CALL 914BE513 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82EA3347 4 Bytes CALL 914BE529 \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\PDF Architect\HelperService.exe[324] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Windows\system32\csrss.exe[388] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Windows\system32\wininit.exe[448] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Windows\system32\csrss.exe[460] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Windows\system32\services.exe[504] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1416] kernel32.dll!SetUnhandledExceptionFilter 7660F4EB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1416] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1636] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1668] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[1696] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3748] kernel32.dll!SetUnhandledExceptionFilter 7660F4EB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3748] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Program Files\Browny02\Brother\BrStMonW.exe[3820] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3884] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Program Files\Browny02\BrYNSvc.exe[3972] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtCreateFile + 6 76DD560E 4 Bytes [28, B8, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtCreateFile + B 76DD5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtMapViewOfSection + 6 76DD5C6E 4 Bytes [28, BB, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtMapViewOfSection + B 76DD5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtOpenFile + 6 76DD5D1E 4 Bytes [68, B8, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtOpenFile + B 76DD5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtOpenProcess + 6 76DD5DCE 4 Bytes [A8, B9, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtOpenProcess + B 76DD5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtOpenProcessToken + 6 76DD5DDE 4 Bytes CALL 75DDCB9C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtOpenProcessToken + B 76DD5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtOpenProcessTokenEx + 6 76DD5DEE 4 Bytes [A8, BA, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtOpenProcessTokenEx + B 76DD5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtOpenThread + 6 76DD5E4E 4 Bytes [68, B9, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtOpenThread + B 76DD5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtOpenThreadToken + 6 76DD5E5E 4 Bytes [68, BA, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtOpenThreadToken + B 76DD5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtOpenThreadTokenEx + 6 76DD5E6E 4 Bytes CALL 75DDCC2D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtOpenThreadTokenEx + B 76DD5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtQueryAttributesFile + 6 76DD5F7E 4 Bytes [A8, B8, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtQueryAttributesFile + B 76DD5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtQueryFullAttributesFile + 6 76DD602E 4 Bytes CALL 75DDCDEB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtQueryFullAttributesFile + B 76DD6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtSetInformationFile + 6 76DD667E 4 Bytes [28, B9, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtSetInformationFile + B 76DD6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtSetInformationThread + 6 76DD66DE 4 Bytes [28, BA, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtSetInformationThread + B 76DD66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtUnmapViewOfSection + 6 76DD69FE 4 Bytes [68, BB, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!NtUnmapViewOfSection + B 76DD6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 009D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] ntdll.dll!LdrLoadDll 76DF22AE 5 Bytes JMP 009D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4316] KERNEL32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtCreateFile + 6 76DD560E 4 Bytes [28, 10, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtCreateFile + B 76DD5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtMapViewOfSection + 6 76DD5C6E 4 Bytes [28, 13, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtMapViewOfSection + B 76DD5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenFile + 6 76DD5D1E 4 Bytes [68, 10, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenFile + B 76DD5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenProcess + 6 76DD5DCE 4 Bytes [A8, 11, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenProcess + B 76DD5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenProcessToken + 6 76DD5DDE 4 Bytes CALL 75DDF0F4 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenProcessToken + B 76DD5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenProcessTokenEx + 6 76DD5DEE 4 Bytes [A8, 12, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenProcessTokenEx + B 76DD5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenThread + 6 76DD5E4E 4 Bytes [68, 11, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenThread + B 76DD5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenThreadToken + 6 76DD5E5E 4 Bytes [68, 12, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenThreadToken + B 76DD5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenThreadTokenEx + 6 76DD5E6E 4 Bytes CALL 75DDF185 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenThreadTokenEx + B 76DD5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtQueryAttributesFile + 6 76DD5F7E 4 Bytes [A8, 10, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtQueryAttributesFile + B 76DD5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtQueryFullAttributesFile + 6 76DD602E 4 Bytes CALL 75DDF343 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtQueryFullAttributesFile + B 76DD6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtSetInformationFile + 6 76DD667E 4 Bytes [28, 11, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtSetInformationFile + B 76DD6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtSetInformationThread + 6 76DD66DE 4 Bytes [28, 12, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtSetInformationThread + B 76DD66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtUnmapViewOfSection + 6 76DD69FE 4 Bytes [68, 13, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtUnmapViewOfSection + B 76DD6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 00A003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!LdrLoadDll 76DF22AE 5 Bytes JMP 00A001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Windows\System32\svchost.exe[5048] kernel32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!LdrLoadDll 76DF22AE 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] KERNEL32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtCreateFile + 6 76DD560E 4 Bytes [28, 40, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtCreateFile + B 76DD5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtMapViewOfSection + 6 76DD5C6E 4 Bytes [28, 43, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtMapViewOfSection + B 76DD5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenFile + 6 76DD5D1E 4 Bytes [68, 40, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenFile + B 76DD5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcess + 6 76DD5DCE 4 Bytes [A8, 41, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcess + B 76DD5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessToken + 6 76DD5DDE 4 Bytes CALL 75DD7B24 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessToken + B 76DD5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessTokenEx + 6 76DD5DEE 4 Bytes [A8, 42, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessTokenEx + B 76DD5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThread + 6 76DD5E4E 4 Bytes [68, 41, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThread + B 76DD5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadToken + 6 76DD5E5E 4 Bytes [68, 42, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadToken + B 76DD5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadTokenEx + 6 76DD5E6E 4 Bytes CALL 75DD7BB5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadTokenEx + B 76DD5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryAttributesFile + 6 76DD5F7E 4 Bytes [A8, 40, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryAttributesFile + B 76DD5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryFullAttributesFile + 6 76DD602E 4 Bytes CALL 75DD7D73 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryFullAttributesFile + B 76DD6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationFile + 6 76DD667E 4 Bytes [28, 41, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationFile + B 76DD6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationThread + 6 76DD66DE 4 Bytes [28, 42, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationThread + B 76DD66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtUnmapViewOfSection + 6 76DD69FE 4 Bytes [68, 43, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtUnmapViewOfSection + B 76DD6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 003903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!LdrLoadDll 76DF22AE 5 Bytes JMP 003901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] KERNEL32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtCreateFile + 6 76DD560E 4 Bytes [28, 88, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtCreateFile + B 76DD5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtMapViewOfSection + 6 76DD5C6E 4 Bytes [28, 8B, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtMapViewOfSection + B 76DD5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenFile + 6 76DD5D1E 4 Bytes [68, 88, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenFile + B 76DD5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcess + 6 76DD5DCE 4 Bytes [A8, 89, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcess + B 76DD5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcessToken + 6 76DD5DDE 4 Bytes CALL 75DDF36C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcessToken + B 76DD5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcessTokenEx + 6 76DD5DEE 4 Bytes [A8, 8A, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcessTokenEx + B 76DD5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThread + 6 76DD5E4E 4 Bytes [68, 89, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThread + B 76DD5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThreadToken + 6 76DD5E5E 4 Bytes [68, 8A, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThreadToken + B 76DD5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThreadTokenEx + 6 76DD5E6E 4 Bytes CALL 75DDF3FD C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThreadTokenEx + B 76DD5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtQueryAttributesFile + 6 76DD5F7E 4 Bytes [A8, 88, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtQueryAttributesFile + B 76DD5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtQueryFullAttributesFile + 6 76DD602E 4 Bytes CALL 75DDF5BB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtQueryFullAttributesFile + B 76DD6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtSetInformationFile + 6 76DD667E 4 Bytes [28, 89, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtSetInformationFile + B 76DD6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtSetInformationThread + 6 76DD66DE 4 Bytes [28, 8A, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtSetInformationThread + B 76DD66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtUnmapViewOfSection + 6 76DD69FE 4 Bytes [68, 8B, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtUnmapViewOfSection + B 76DD6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 00AB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!LdrLoadDll 76DF22AE 5 Bytes JMP 00AB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5528] KERNEL32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtCreateFile + 6 76DD560E 4 Bytes [28, C4, DA, 00] {SUB AH, AL; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtCreateFile + B 76DD5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtMapViewOfSection + 6 76DD5C6E 4 Bytes [28, C7, DA, 00] {SUB BH, AL; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtMapViewOfSection + B 76DD5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenFile + 6 76DD5D1E 4 Bytes [68, C4, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenFile + B 76DD5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenProcess + 6 76DD5DCE 4 Bytes [A8, C5, DA, 00] {TEST AL, 0xc5; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenProcess + B 76DD5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenProcessToken + 6 76DD5DDE 4 Bytes CALL 75DE38A8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenProcessToken + B 76DD5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenProcessTokenEx + 6 76DD5DEE 4 Bytes [A8, C6, DA, 00] {TEST AL, 0xc6; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenProcessTokenEx + B 76DD5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenThread + 6 76DD5E4E 4 Bytes [68, C5, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenThread + B 76DD5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenThreadToken + 6 76DD5E5E 4 Bytes [68, C6, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenThreadToken + B 76DD5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenThreadTokenEx + 6 76DD5E6E 4 Bytes CALL 75DE3939 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenThreadTokenEx + B 76DD5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtQueryAttributesFile + 6 76DD5F7E 4 Bytes [A8, C4, DA, 00] {TEST AL, 0xc4; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtQueryAttributesFile + B 76DD5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtQueryFullAttributesFile + 6 76DD602E 4 Bytes CALL 75DE3AF7 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtQueryFullAttributesFile + B 76DD6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtSetInformationFile + 6 76DD667E 4 Bytes [28, C5, DA, 00] {SUB CH, AL; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtSetInformationFile + B 76DD6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtSetInformationThread + 6 76DD66DE 4 Bytes [28, C6, DA, 00] {SUB DH, AL; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtSetInformationThread + B 76DD66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtUnmapViewOfSection + 6 76DD69FE 4 Bytes [68, C7, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtUnmapViewOfSection + B 76DD6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 00EB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!LdrLoadDll 76DF22AE 5 Bytes JMP 00EB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5624] KERNEL32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtCreateFile + 6 76DD560E 4 Bytes [28, 7C, 5C, 00] {SUB [ESP+EBX*2+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtCreateFile + B 76DD5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtMapViewOfSection + 6 76DD5C6E 4 Bytes [28, 7F, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtMapViewOfSection + B 76DD5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenFile + 6 76DD5D1E 4 Bytes [68, 7C, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenFile + B 76DD5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcess + 6 76DD5DCE 4 Bytes [A8, 7D, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcess + B 76DD5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcessToken + 6 76DD5DDE 4 Bytes CALL 75DDBA60 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcessToken + B 76DD5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcessTokenEx + 6 76DD5DEE 4 Bytes [A8, 7E, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcessTokenEx + B 76DD5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThread + 6 76DD5E4E 4 Bytes [68, 7D, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThread + B 76DD5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThreadToken + 6 76DD5E5E 4 Bytes [68, 7E, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThreadToken + B 76DD5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThreadTokenEx + 6 76DD5E6E 4 Bytes CALL 75DDBAF1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThreadTokenEx + B 76DD5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtQueryAttributesFile + 6 76DD5F7E 4 Bytes [A8, 7C, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtQueryAttributesFile + B 76DD5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtQueryFullAttributesFile + 6 76DD602E 4 Bytes CALL 75DDBCAF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtQueryFullAttributesFile + B 76DD6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationFile + 6 76DD667E 4 Bytes [28, 7D, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationFile + B 76DD6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationThread + 6 76DD66DE 4 Bytes [28, 7E, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationThread + B 76DD66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtUnmapViewOfSection + 6 76DD69FE 4 Bytes [68, 7F, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtUnmapViewOfSection + B 76DD6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 006203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!LdrLoadDll 76DF22AE 5 Bytes JMP 006201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] KERNEL32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtCreateFile + 6 76DD560E 4 Bytes [28, F8, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtCreateFile + B 76DD5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtMapViewOfSection + 6 76DD5C6E 4 Bytes [28, FB, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtMapViewOfSection + B 76DD5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenFile + 6 76DD5D1E 4 Bytes [68, F8, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenFile + B 76DD5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenProcess + 6 76DD5DCE 4 Bytes [A8, F9, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenProcess + B 76DD5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenProcessToken + 6 76DD5DDE 4 Bytes CALL 75DDB7DC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenProcessToken + B 76DD5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenProcessTokenEx + 6 76DD5DEE 4 Bytes [A8, FA, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenProcessTokenEx + B 76DD5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenThread + 6 76DD5E4E 4 Bytes [68, F9, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenThread + B 76DD5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenThreadToken + 6 76DD5E5E 4 Bytes [68, FA, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenThreadToken + B 76DD5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenThreadTokenEx + 6 76DD5E6E 4 Bytes CALL 75DDB86D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtOpenThreadTokenEx + B 76DD5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtQueryAttributesFile + 6 76DD5F7E 4 Bytes [A8, F8, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtQueryAttributesFile + B 76DD5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtQueryFullAttributesFile + 6 76DD602E 4 Bytes CALL 75DDBA2B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtQueryFullAttributesFile + B 76DD6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtSetInformationFile + 6 76DD667E 4 Bytes [28, F9, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtSetInformationFile + B 76DD6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtSetInformationThread + 6 76DD66DE 4 Bytes [28, FA, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtSetInformationThread + B 76DD66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtUnmapViewOfSection + 6 76DD69FE 4 Bytes [68, FB, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!NtUnmapViewOfSection + B 76DD6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 006603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] ntdll.dll!LdrLoadDll 76DF22AE 5 Bytes JMP 006601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5880] KERNEL32.dll!GetBinaryTypeW + 70 766269E4 1 Byte [62] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS ---- Files - GMER 2.1 ---- File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008f6b 30159 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb\000628.log 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb\MANIFEST-000627 0 bytes ---- EOF - GMER 2.1 ----