GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-05 20:45:53 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000066 WDC_WD64 rev.01.0 596,17GB Running: jh1o5ruz.exe; Driver: C:\Users\ADMIN\AppData\Local\Temp\aglorpod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x90E20A9C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x90F3B9F2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x90EEC0EE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x90EEC320] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x90E2157A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x90EEBEE8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x90E2D5C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x90E2D610] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x90E2D7AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x90E2D532] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x90F906C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x90E2D57A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x90F3D9EE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x90E2D764] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x90F3D580] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x90E20B02] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x90EDC660] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x90F3BB34] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x90F3B660] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x90F907A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x90E20B68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x90E25F32] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x90E22E50] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x90E2D5EE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x90E2D632] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x90E2D7CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x90E2D558] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x90F3D0B4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x90F3E7EE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x90E2D5A2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x90F3D6E0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x90E2D788] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x90F90546] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x90E22CC4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x90F3E228] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x90EEC1F4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x90F3DF44] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x90EEBFE8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x90E20BCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x90E20C34] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x90F9089E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x90EDCA7A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x90F3B998] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x90E2095A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x90E208E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x90F3D2BC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x90F3DDE4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x90EDCA8C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x90F90614] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x90F3D8E4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x90F3E8F6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x90E20C9A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x90F3E680] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x90F3DC3A] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 834BF758 4 Bytes [9C, 0A, E2, 90] {PUSHF ; OR AH, DL; NOP } .text ntkrnlpa.exe!KeSetEvent + 119 834BF764 4 Bytes [F2, B9, F3, 90] .text ntkrnlpa.exe!KeSetEvent + 13D 834BF788 4 Bytes [EE, C0, EE, 90] {OUT DX, AL; SHR DH, 0x90} .text ntkrnlpa.exe!KeSetEvent + 181 834BF7CC 4 Bytes [20, C3, EE, 90] {AND BL, AL; OUT DX, AL; NOP } .text ntkrnlpa.exe!KeSetEvent + 191 834BF7DC 4 Bytes [7A, 15, E2, 90] {JP 0x17; LOOP 0xffffff94} .text ... ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[332] kernel32.dll!SetUnhandledExceptionFilter 76B5A8B5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[332] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\Dwm.exe[336] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\Explorer.EXE[360] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 00A401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 00A403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtCreateFile + 6 77B9426A 4 Bytes [28, B4, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtCreateFile + B 77B9426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtMapViewOfSection + 6 77B949BA 4 Bytes [28, B7, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtMapViewOfSection + B 77B949BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtOpenFile + 6 77B94A4A 4 Bytes [68, B4, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtOpenFile + B 77B94A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtOpenProcess + 6 77B94ACA 4 Bytes [A8, B5, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtOpenProcess + B 77B94ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtOpenProcessToken + 6 77B94ADA 4 Bytes CALL 76B9E994 C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtOpenProcessToken + B 77B94ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtOpenProcessTokenEx + 6 77B94AEA 4 Bytes [A8, B6, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtOpenProcessTokenEx + B 77B94AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtOpenThread + 6 77B94B3A 4 Bytes [68, B5, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtOpenThread + B 77B94B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtOpenThreadToken + 6 77B94B4A 4 Bytes [68, B6, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtOpenThreadToken + B 77B94B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtOpenThreadTokenEx + 6 77B94B5A 4 Bytes CALL 76B9EA15 C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtOpenThreadTokenEx + B 77B94B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtQueryAttributesFile + 6 77B94BEA 4 Bytes [A8, B4, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtQueryAttributesFile + B 77B94BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtQueryFullAttributesFile + 6 77B94C9A 4 Bytes CALL 76B9EB53 C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtQueryFullAttributesFile + B 77B94C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtSetInformationFile + 6 77B9517A 4 Bytes [28, B5, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtSetInformationFile + B 77B9517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtSetInformationThread + 6 77B951CA 4 Bytes [28, B6, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtSetInformationThread + B 77B951CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtUnmapViewOfSection + 6 77B9546A 4 Bytes [68, B7, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] ntdll.dll!NtUnmapViewOfSection + B 77B9546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[692] KERNEL32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[728] kernel32.dll!SetUnhandledExceptionFilter 76B5A8B5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[728] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\csrss.exe[736] KERNEL32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\wininit.exe[788] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\csrss.exe[808] KERNEL32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[812] kernel32.dll!SetUnhandledExceptionFilter 76B5A8B5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\afwServ.exe[812] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\services.exe[840] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\lsass.exe[856] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\lsm.exe[872] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\winlogon.exe[900] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 00DC01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 00DC03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtCreateFile + 6 77B9426A 4 Bytes [28, 1C, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtCreateFile + B 77B9426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtMapViewOfSection + 6 77B949BA 4 Bytes [28, 1F, D2, 00] {SUB [EDI], BL; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtMapViewOfSection + B 77B949BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenFile + 6 77B94A4A 4 Bytes [68, 1C, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenFile + B 77B94A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenProcess + 6 77B94ACA 4 Bytes [A8, 1D, D2, 00] {TEST AL, 0x1d; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenProcess + B 77B94ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenProcessToken + 6 77B94ADA 4 Bytes CALL 76BA1CFC C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenProcessToken + B 77B94ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenProcessTokenEx + 6 77B94AEA 4 Bytes [A8, 1E, D2, 00] {TEST AL, 0x1e; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenProcessTokenEx + B 77B94AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenThread + 6 77B94B3A 4 Bytes [68, 1D, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenThread + B 77B94B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenThreadToken + 6 77B94B4A 4 Bytes [68, 1E, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenThreadToken + B 77B94B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenThreadTokenEx + 6 77B94B5A 4 Bytes CALL 76BA1D7D C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenThreadTokenEx + B 77B94B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtQueryAttributesFile + 6 77B94BEA 4 Bytes [A8, 1C, D2, 00] {TEST AL, 0x1c; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtQueryAttributesFile + B 77B94BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtQueryFullAttributesFile + 6 77B94C9A 4 Bytes CALL 76BA1EBB C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtQueryFullAttributesFile + B 77B94C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtSetInformationFile + 6 77B9517A 4 Bytes [28, 1D, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtSetInformationFile + B 77B9517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtSetInformationThread + 6 77B951CA 4 Bytes [28, 1E, D2, 00] {SUB [ESI], BL; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtSetInformationThread + B 77B951CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtUnmapViewOfSection + 6 77B9546A 4 Bytes [68, 1F, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtUnmapViewOfSection + B 77B9546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1024] KERNEL32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[1104] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 003E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 003E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtCreateFile + 6 77B9426A 4 Bytes [28, 58, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtCreateFile + B 77B9426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtMapViewOfSection + 6 77B949BA 4 Bytes [28, 5B, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtMapViewOfSection + B 77B949BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenFile + 6 77B94A4A 4 Bytes [68, 58, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenFile + B 77B94A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcess + 6 77B94ACA 4 Bytes [A8, 59, 38, 00] {TEST AL, 0x59; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcess + B 77B94ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcessToken + 6 77B94ADA 4 Bytes CALL 76B98338 C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcessToken + B 77B94ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcessTokenEx + 6 77B94AEA 4 Bytes [A8, 5A, 38, 00] {TEST AL, 0x5a; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcessTokenEx + B 77B94AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThread + 6 77B94B3A 4 Bytes [68, 59, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThread + B 77B94B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThreadToken + 6 77B94B4A 4 Bytes [68, 5A, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThreadToken + B 77B94B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThreadTokenEx + 6 77B94B5A 4 Bytes CALL 76B983B9 C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThreadTokenEx + B 77B94B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtQueryAttributesFile + 6 77B94BEA 4 Bytes [A8, 58, 38, 00] {TEST AL, 0x58; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtQueryAttributesFile + B 77B94BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtQueryFullAttributesFile + 6 77B94C9A 4 Bytes CALL 76B984F7 C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtQueryFullAttributesFile + B 77B94C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtSetInformationFile + 6 77B9517A 4 Bytes [28, 59, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtSetInformationFile + B 77B9517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtSetInformationThread + 6 77B951CA 4 Bytes [28, 5A, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtSetInformationThread + B 77B951CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtUnmapViewOfSection + 6 77B9546A 4 Bytes [68, 5B, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtUnmapViewOfSection + B 77B9546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] KERNEL32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\System32\svchost.exe[1296] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\System32\svchost.exe[1328] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1344] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\AUDIODG.EXE[1428] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 00CF01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 00CF03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtCreateFile + 6 77B9426A 4 Bytes [28, 74, CA, 00] {SUB [EDX+ECX*8+0x0], DH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtCreateFile + B 77B9426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + 6 77B949BA 4 Bytes [28, 77, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + B 77B949BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenFile + 6 77B94A4A 4 Bytes [68, 74, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenFile + B 77B94A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcess + 6 77B94ACA 4 Bytes [A8, 75, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcess + B 77B94ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessToken + 6 77B94ADA 4 Bytes CALL 76BA1554 C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessToken + B 77B94ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessTokenEx + 6 77B94AEA 4 Bytes [A8, 76, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessTokenEx + B 77B94AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThread + 6 77B94B3A 4 Bytes [68, 75, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThread + B 77B94B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadToken + 6 77B94B4A 4 Bytes [68, 76, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadToken + B 77B94B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadTokenEx + 6 77B94B5A 4 Bytes CALL 76BA15D5 C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadTokenEx + B 77B94B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryAttributesFile + 6 77B94BEA 4 Bytes [A8, 74, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryAttributesFile + B 77B94BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryFullAttributesFile + 6 77B94C9A 4 Bytes CALL 76BA1713 C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryFullAttributesFile + B 77B94C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationFile + 6 77B9517A 4 Bytes [28, 75, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationFile + B 77B9517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationThread + 6 77B951CA 4 Bytes [28, 76, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationThread + B 77B951CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + 6 77B9546A 4 Bytes [68, 77, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + B 77B9546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] KERNEL32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3004] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\svchost.exe[3040] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe[3088] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\svchost.exe[3116] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 00B201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 00B203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtCreateFile + 6 77B9426A 4 Bytes [28, 0C, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtCreateFile + B 77B9426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtMapViewOfSection + 6 77B949BA 4 Bytes [28, 0F, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtMapViewOfSection + B 77B949BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenFile + 6 77B94A4A 4 Bytes [68, 0C, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenFile + B 77B94A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcess + 6 77B94ACA 4 Bytes [A8, 0D, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcess + B 77B94ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcessToken + 6 77B94ADA 4 Bytes CALL 76B9F6EC C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcessToken + B 77B94ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcessTokenEx + 6 77B94AEA 4 Bytes [A8, 0E, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcessTokenEx + B 77B94AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThread + 6 77B94B3A 4 Bytes [68, 0D, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThread + B 77B94B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThreadToken + 6 77B94B4A 4 Bytes [68, 0E, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThreadToken + B 77B94B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThreadTokenEx + 6 77B94B5A 4 Bytes CALL 76B9F76D C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThreadTokenEx + B 77B94B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtQueryAttributesFile + 6 77B94BEA 4 Bytes [A8, 0C, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtQueryAttributesFile + B 77B94BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtQueryFullAttributesFile + 6 77B94C9A 4 Bytes CALL 76B9F8AB C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtQueryFullAttributesFile + B 77B94C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationFile + 6 77B9517A 4 Bytes [28, 0D, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationFile + B 77B9517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationThread + 6 77B951CA 4 Bytes [28, 0E, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationThread + B 77B951CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtUnmapViewOfSection + 6 77B9546A 4 Bytes [68, 0F, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtUnmapViewOfSection + B 77B9546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] KERNEL32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Program Files\Jump Flip\bin\utilJumpFlip.exe[3720] KERNEL32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Windows\system32\conime.exe[3748] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Program Files\PowerISO\PWRISOVM.EXE[3800] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3828] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 004901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 004903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtCreateFile + 6 77B9426A 4 Bytes [28, 7C, 43, 00] {SUB [EBX+EAX*2+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtCreateFile + B 77B9426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtMapViewOfSection + 6 77B949BA 4 Bytes [28, 7F, 43, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtMapViewOfSection + B 77B949BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtOpenFile + 6 77B94A4A 4 Bytes [68, 7C, 43, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtOpenFile + B 77B94A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtOpenProcess + 6 77B94ACA 4 Bytes [A8, 7D, 43, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtOpenProcess + B 77B94ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtOpenProcessToken + 6 77B94ADA 4 Bytes CALL 76B98E5C C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtOpenProcessToken + B 77B94ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtOpenProcessTokenEx + 6 77B94AEA 4 Bytes [A8, 7E, 43, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtOpenProcessTokenEx + B 77B94AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtOpenThread + 6 77B94B3A 4 Bytes [68, 7D, 43, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtOpenThread + B 77B94B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtOpenThreadToken + 6 77B94B4A 4 Bytes [68, 7E, 43, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtOpenThreadToken + B 77B94B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtOpenThreadTokenEx + 6 77B94B5A 4 Bytes CALL 76B98EDD C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtOpenThreadTokenEx + B 77B94B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtQueryAttributesFile + 6 77B94BEA 4 Bytes [A8, 7C, 43, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtQueryAttributesFile + B 77B94BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtQueryFullAttributesFile + 6 77B94C9A 4 Bytes CALL 76B9901B C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtQueryFullAttributesFile + B 77B94C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtSetInformationFile + 6 77B9517A 4 Bytes [28, 7D, 43, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtSetInformationFile + B 77B9517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtSetInformationThread + 6 77B951CA 4 Bytes [28, 7E, 43, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtSetInformationThread + B 77B951CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtUnmapViewOfSection + 6 77B9546A 4 Bytes [68, 7F, 43, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] ntdll.dll!NtUnmapViewOfSection + B 77B9546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6220] KERNEL32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[6252] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 00FD01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 00FD03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtCreateFile + 6 77B9426A 4 Bytes [28, 00, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtCreateFile + B 77B9426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtMapViewOfSection + 6 77B949BA 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtMapViewOfSection + 6 77B949BA 4 Bytes [28, 03, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtMapViewOfSection + B 77B949BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenFile + 6 77B94A4A 4 Bytes [68, 00, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenFile + B 77B94A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenProcess + 6 77B94ACA 4 Bytes [A8, 01, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenProcess + B 77B94ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenProcessToken + 6 77B94ADA 4 Bytes CALL 76BA41E0 C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenProcessToken + B 77B94ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenProcessTokenEx + 6 77B94AEA 4 Bytes [A8, 02, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenProcessTokenEx + B 77B94AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenThread + 6 77B94B3A 4 Bytes [68, 01, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenThread + B 77B94B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenThreadToken + 6 77B94B4A 4 Bytes [68, 02, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenThreadToken + B 77B94B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenThreadTokenEx + 6 77B94B5A 4 Bytes CALL 76BA4261 C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenThreadTokenEx + B 77B94B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtQueryAttributesFile + 6 77B94BEA 4 Bytes [A8, 00, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtQueryAttributesFile + B 77B94BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtQueryFullAttributesFile + 6 77B94C9A 4 Bytes CALL 76BA439F C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtQueryFullAttributesFile + B 77B94C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtSetInformationFile + 6 77B9517A 4 Bytes [28, 01, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtSetInformationFile + B 77B9517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtSetInformationThread + 6 77B951CA 4 Bytes [28, 02, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtSetInformationThread + B 77B951CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtUnmapViewOfSection + 6 77B9546A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtUnmapViewOfSection + 6 77B9546A 4 Bytes [68, 03, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtUnmapViewOfSection + B 77B9546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] KERNEL32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Users\ADMIN\Downloads\jh1o5ruz.exe[6552] kernel32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6964] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6964] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[6964] KERNEL32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 010D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 010D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtCreateFile + 6 77B9426A 4 Bytes [28, 88, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtCreateFile + B 77B9426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtMapViewOfSection + 6 77B949BA 4 Bytes [28, 8B, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtMapViewOfSection + B 77B949BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtOpenFile + 6 77B94A4A 4 Bytes [68, 88, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtOpenFile + B 77B94A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtOpenProcess + 6 77B94ACA 4 Bytes [A8, 89, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtOpenProcess + B 77B94ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtOpenProcessToken + 6 77B94ADA 4 Bytes CALL 76BA4268 C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtOpenProcessToken + B 77B94ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtOpenProcessTokenEx + 6 77B94AEA 4 Bytes [A8, 8A, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtOpenProcessTokenEx + B 77B94AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtOpenThread + 6 77B94B3A 4 Bytes [68, 89, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtOpenThread + B 77B94B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtOpenThreadToken + 6 77B94B4A 4 Bytes [68, 8A, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtOpenThreadToken + B 77B94B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtOpenThreadTokenEx + 6 77B94B5A 4 Bytes CALL 76BA42E9 C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtOpenThreadTokenEx + B 77B94B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtQueryAttributesFile + 6 77B94BEA 4 Bytes [A8, 88, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtQueryAttributesFile + B 77B94BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtQueryFullAttributesFile + 6 77B94C9A 4 Bytes CALL 76BA4427 C:\Windows\system32\KERNEL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtQueryFullAttributesFile + B 77B94C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtSetInformationFile + 6 77B9517A 4 Bytes [28, 89, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtSetInformationFile + B 77B9517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtSetInformationThread + 6 77B951CA 4 Bytes [28, 8A, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtSetInformationThread + B 77B951CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtUnmapViewOfSection + 6 77B9546A 4 Bytes [68, 8B, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] ntdll.dll!NtUnmapViewOfSection + B 77B9546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7724] KERNEL32.dll!GetBinaryTypeW + 70 76B82447 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\services.exe[840] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 002A0002 IAT C:\Windows\system32\services.exe[840] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 002A0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp aswNdis2.sys AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys AttachedDevice \Driver\tdx \Device\Udp aswNdis2.sys AttachedDevice \Driver\tdx \Device\Udp kltdi.sys AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys