GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-07-17 04:39:30 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-007AA0 rev.05.01D05 465,76GB Running: gmer.exe; Driver: C:\Users\Czarek\AppData\Local\Temp\kwrdapog.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ZwCreateSection [0xA035E700] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 1409 8207A9A5 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8209A512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 14BF 820A1AB4 4 Bytes [00, E7, 35, A0] .text sptd.sys 8B256001 31 Bytes [17, 01, 82, 34, B2, 01, 82, ...] .text sptd.sys 8B256024 28 Bytes [63, FD, 0B, 82, 05, D0, 15, ...] .text sptd.sys 8B256041 167 Bytes [71, 07, 82, 7F, CB, 1E, 82, ...] .text sptd.sys 8B2560E9 227 Bytes [61, 07, 82, C3, DA, 0E, 82, ...] .text sptd.sys 8B2561D4 4 Bytes [27, 39, 4F, 4E] {DAA ; CMP [EDI+0x4e], ECX} .text ... .sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8B3021AA] ? C:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93425000, 0x15061A, 0xE8000020] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA0156000, 0xBB22, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA0173300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtCreateFile + 6 77DB560E 4 Bytes [28, E0, 3D, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtCreateFile + B 77DB5613 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [28, E3, 3D, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenFile + 6 77DB5D1E 4 Bytes [68, E0, 3D, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenFile + B 77DB5D23 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcess + 6 77DB5DCE 4 Bytes [A8, E1, 3D, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcess + B 77DB5DD3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcessToken + B 77DB5DE3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DEE 4 Bytes [A8, E2, 3D, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DF3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThread + 6 77DB5E4E 4 Bytes [68, E1, 3D, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThread + B 77DB5E53 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThreadToken + 6 77DB5E5E 4 Bytes [68, E2, 3D, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThreadToken + B 77DB5E63 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtQueryAttributesFile + 6 77DB5F7E 4 Bytes [A8, E0, 3D, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtQueryAttributesFile + B 77DB5F83 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtQueryFullAttributesFile + B 77DB6033 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtSetInformationFile + 6 77DB667E 4 Bytes [28, E1, 3D, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtSetInformationFile + B 77DB6683 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtSetInformationThread + 6 77DB66DE 4 Bytes [28, E2, 3D, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtSetInformationThread + B 77DB66E3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtUnmapViewOfSection + 6 77DB69FE 4 Bytes [68, E3, 3D, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtUnmapViewOfSection + B 77DB6A03 1 Byte [E2] .text C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe[3048] ntdll.dll!DbgBreakPoint 77DA4108 1 Byte [C3] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtCreateFile + 6 77DB560E 4 Bytes [28, 9C, 85, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtCreateFile + B 77DB5613 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [28, 9F, 85, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenFile + 6 77DB5D1E 4 Bytes [68, 9C, 85, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenFile + B 77DB5D23 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenProcess + 6 77DB5DCE 4 Bytes [A8, 9D, 85, 00] {TEST AL, 0x9d; TEST [EAX], EAX} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenProcess + B 77DB5DD3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenProcessToken + B 77DB5DE3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DEE 4 Bytes [A8, 9E, 85, 00] {TEST AL, 0x9e; TEST [EAX], EAX} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DF3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenThread + 6 77DB5E4E 4 Bytes [68, 9D, 85, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenThread + B 77DB5E53 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenThreadToken + 6 77DB5E5E 4 Bytes [68, 9E, 85, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenThreadToken + B 77DB5E63 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtQueryAttributesFile + 6 77DB5F7E 4 Bytes [A8, 9C, 85, 00] {TEST AL, 0x9c; TEST [EAX], EAX} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtQueryAttributesFile + B 77DB5F83 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtQueryFullAttributesFile + B 77DB6033 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtSetInformationFile + 6 77DB667E 4 Bytes [28, 9D, 85, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtSetInformationFile + B 77DB6683 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtSetInformationThread + 6 77DB66DE 4 Bytes [28, 9E, 85, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtSetInformationThread + B 77DB66E3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtUnmapViewOfSection + 6 77DB69FE 4 Bytes [68, 9F, 85, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtUnmapViewOfSection + B 77DB6A03 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtCreateFile + 6 77DB560E 4 Bytes [28, D0, 49, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtCreateFile + B 77DB5613 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [28, D3, 49, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtOpenFile + 6 77DB5D1E 4 Bytes [68, D0, 49, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtOpenFile + B 77DB5D23 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtOpenProcess + 6 77DB5DCE 4 Bytes [A8, D1, 49, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtOpenProcess + B 77DB5DD3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtOpenProcessToken + B 77DB5DE3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DEE 4 Bytes [A8, D2, 49, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DF3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtOpenThread + 6 77DB5E4E 4 Bytes [68, D1, 49, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtOpenThread + B 77DB5E53 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtOpenThreadToken + 6 77DB5E5E 4 Bytes [68, D2, 49, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtOpenThreadToken + B 77DB5E63 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtQueryAttributesFile + 6 77DB5F7E 4 Bytes [A8, D0, 49, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtQueryAttributesFile + B 77DB5F83 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtQueryFullAttributesFile + B 77DB6033 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtSetInformationFile + 6 77DB667E 4 Bytes [28, D1, 49, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtSetInformationFile + B 77DB6683 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtSetInformationThread + 6 77DB66DE 4 Bytes [28, D2, 49, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtSetInformationThread + B 77DB66E3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtUnmapViewOfSection + 6 77DB69FE 4 Bytes [68, D3, 49, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5008] ntdll.dll!NtUnmapViewOfSection + B 77DB6A03 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtCreateFile + 6 77DB560E 4 Bytes [28, 2C, C1, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtCreateFile + B 77DB5613 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [28, 2F, C1, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenFile + 6 77DB5D1E 4 Bytes [68, 2C, C1, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenFile + B 77DB5D23 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcess + 6 77DB5DCE 4 Bytes [A8, 2D, C1, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcess + B 77DB5DD3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcessToken + B 77DB5DE3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DEE 4 Bytes [A8, 2E, C1, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DF3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThread + 6 77DB5E4E 4 Bytes [68, 2D, C1, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThread + B 77DB5E53 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThreadToken + 6 77DB5E5E 4 Bytes [68, 2E, C1, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThreadToken + B 77DB5E63 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtQueryAttributesFile + 6 77DB5F7E 4 Bytes [A8, 2C, C1, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtQueryAttributesFile + B 77DB5F83 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtQueryFullAttributesFile + B 77DB6033 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtSetInformationFile + 6 77DB667E 4 Bytes [28, 2D, C1, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtSetInformationFile + B 77DB6683 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtSetInformationThread + 6 77DB66DE 4 Bytes [28, 2E, C1, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtSetInformationThread + B 77DB66E3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtUnmapViewOfSection + 6 77DB69FE 4 Bytes [68, 2F, C1, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtUnmapViewOfSection + B 77DB6A03 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtCreateFile + 6 77DB560E 4 Bytes [28, 60, C4, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtCreateFile + B 77DB5613 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [28, 63, C4, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenFile + 6 77DB5D1E 4 Bytes [68, 60, C4, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenFile + B 77DB5D23 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcess + 6 77DB5DCE 4 Bytes [A8, 61, C4, 00] {TEST AL, 0x61; LES EAX, [EAX]} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcess + B 77DB5DD3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcessToken + B 77DB5DE3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DEE 4 Bytes [A8, 62, C4, 00] {TEST AL, 0x62; LES EAX, [EAX]} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DF3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThread + 6 77DB5E4E 4 Bytes [68, 61, C4, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThread + B 77DB5E53 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThreadToken + 6 77DB5E5E 4 Bytes [68, 62, C4, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThreadToken + B 77DB5E63 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtQueryAttributesFile + 6 77DB5F7E 4 Bytes [A8, 60, C4, 00] {TEST AL, 0x60; LES EAX, [EAX]} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtQueryAttributesFile + B 77DB5F83 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtQueryFullAttributesFile + B 77DB6033 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtSetInformationFile + 6 77DB667E 4 Bytes [28, 61, C4, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtSetInformationFile + B 77DB6683 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtSetInformationThread + 6 77DB66DE 4 Bytes [28, 62, C4, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtSetInformationThread + B 77DB66E3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtUnmapViewOfSection + 6 77DB69FE 4 Bytes [68, 63, C4, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtUnmapViewOfSection + B 77DB6A03 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtCreateFile + 6 77DB560E 4 Bytes [28, A4, 69, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtCreateFile + B 77DB5613 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [28, A7, 69, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtOpenFile + 6 77DB5D1E 4 Bytes [68, A4, 69, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtOpenFile + B 77DB5D23 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtOpenProcess + 6 77DB5DCE 4 Bytes [A8, A5, 69, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtOpenProcess + B 77DB5DD3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtOpenProcessToken + B 77DB5DE3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DEE 4 Bytes [A8, A6, 69, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DF3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtOpenThread + 6 77DB5E4E 4 Bytes [68, A5, 69, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtOpenThread + B 77DB5E53 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtOpenThreadToken + 6 77DB5E5E 4 Bytes [68, A6, 69, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtOpenThreadToken + B 77DB5E63 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtQueryAttributesFile + 6 77DB5F7E 4 Bytes [A8, A4, 69, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtQueryAttributesFile + B 77DB5F83 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtQueryFullAttributesFile + B 77DB6033 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtSetInformationFile + 6 77DB667E 4 Bytes [28, A5, 69, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtSetInformationFile + B 77DB6683 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtSetInformationThread + 6 77DB66DE 4 Bytes [28, A6, 69, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtSetInformationThread + B 77DB66E3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtUnmapViewOfSection + 6 77DB69FE 4 Bytes [68, A7, 69, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5228] ntdll.dll!NtUnmapViewOfSection + B 77DB6A03 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtCreateFile + 6 77DB560E 4 Bytes [28, 78, 52, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtCreateFile + B 77DB5613 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [28, 7B, 52, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenFile + 6 77DB5D1E 4 Bytes [68, 78, 52, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenFile + B 77DB5D23 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenProcess + 6 77DB5DCE 4 Bytes [A8, 79, 52, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenProcess + B 77DB5DD3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenProcessToken + B 77DB5DE3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DEE 4 Bytes [A8, 7A, 52, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DF3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenThread + 6 77DB5E4E 4 Bytes [68, 79, 52, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenThread + B 77DB5E53 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenThreadToken + 6 77DB5E5E 4 Bytes [68, 7A, 52, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenThreadToken + B 77DB5E63 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtQueryAttributesFile + 6 77DB5F7E 4 Bytes [A8, 78, 52, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtQueryAttributesFile + B 77DB5F83 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtQueryFullAttributesFile + B 77DB6033 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtSetInformationFile + 6 77DB667E 4 Bytes [28, 79, 52, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtSetInformationFile + B 77DB6683 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtSetInformationThread + 6 77DB66DE 4 Bytes [28, 7A, 52, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtSetInformationThread + B 77DB66E3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtUnmapViewOfSection + 6 77DB69FE 4 Bytes [68, 7B, 52, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtUnmapViewOfSection + B 77DB6A03 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtCreateFile + 6 77DB560E 4 Bytes CALL 5ADA56BC .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtCreateFile + B 77DB5613 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [28, EB, A9, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtOpenFile + 6 77DB5D1E 4 Bytes CALL 5ADA5DCC .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtOpenFile + B 77DB5D23 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtOpenProcess + 6 77DB5DCE 4 Bytes JMP 5ADA5E7C .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtOpenProcess + B 77DB5DD3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtOpenProcessToken + B 77DB5DE3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DEE 4 Bytes JMP E2FF00A9 .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DF3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtOpenThread + 6 77DB5E4E 4 Bytes JMP 5ADA5EFC .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtOpenThread + B 77DB5E53 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtOpenThreadToken + 6 77DB5E5E 4 Bytes JMP E2FF00A9 .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtOpenThreadToken + B 77DB5E63 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtQueryAttributesFile + 6 77DB5F7E 4 Bytes CALL 5ADA602C .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtQueryAttributesFile + B 77DB5F83 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtQueryFullAttributesFile + B 77DB6033 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtSetInformationFile + 6 77DB667E 4 Bytes JMP 5ADA672C .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtSetInformationFile + B 77DB6683 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtSetInformationThread + 6 77DB66DE 4 Bytes JMP E2FF00A9 .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtSetInformationThread + B 77DB66E3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtUnmapViewOfSection + 6 77DB69FE 4 Bytes [68, EB, A9, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6312] ntdll.dll!NtUnmapViewOfSection + B 77DB6A03 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtCreateFile + 6 77DB560E 4 Bytes [28, 8C, C7, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtCreateFile + B 77DB5613 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [28, 8F, C7, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtOpenFile + 6 77DB5D1E 4 Bytes [68, 8C, C7, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtOpenFile + B 77DB5D23 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtOpenProcess + 6 77DB5DCE 4 Bytes [A8, 8D, C7, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtOpenProcess + B 77DB5DD3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtOpenProcessToken + B 77DB5DE3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DEE 4 Bytes [A8, 8E, C7, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DF3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtOpenThread + 6 77DB5E4E 4 Bytes [68, 8D, C7, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtOpenThread + B 77DB5E53 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtOpenThreadToken + 6 77DB5E5E 4 Bytes [68, 8E, C7, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtOpenThreadToken + B 77DB5E63 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtQueryAttributesFile + 6 77DB5F7E 4 Bytes [A8, 8C, C7, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtQueryAttributesFile + B 77DB5F83 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtQueryFullAttributesFile + B 77DB6033 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtSetInformationFile + 6 77DB667E 4 Bytes [28, 8D, C7, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtSetInformationFile + B 77DB6683 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtSetInformationThread + 6 77DB66DE 4 Bytes [28, 8E, C7, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtSetInformationThread + B 77DB66E3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtUnmapViewOfSection + 6 77DB69FE 4 Bytes [68, 8F, C7, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6520] ntdll.dll!NtUnmapViewOfSection + B 77DB6A03 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtCreateFile + 6 77DB560E 4 Bytes [28, F4, 0C, 01] {SUB AH, DH; OR AL, 0x1} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtCreateFile + B 77DB5613 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [28, F7, 0C, 01] {SUB BH, DH; OR AL, 0x1} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtOpenFile + 6 77DB5D1E 4 Bytes [68, F4, 0C, 01] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtOpenFile + B 77DB5D23 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtOpenProcess + 6 77DB5DCE 4 Bytes [A8, F5, 0C, 01] {TEST AL, 0xf5; OR AL, 0x1} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtOpenProcess + B 77DB5DD3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtOpenProcessToken + B 77DB5DE3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DEE 4 Bytes [A8, F6, 0C, 01] {TEST AL, 0xf6; OR AL, 0x1} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DF3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtOpenThread + 6 77DB5E4E 4 Bytes [68, F5, 0C, 01] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtOpenThread + B 77DB5E53 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtOpenThreadToken + 6 77DB5E5E 4 Bytes [68, F6, 0C, 01] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtOpenThreadToken + B 77DB5E63 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtQueryAttributesFile + 6 77DB5F7E 4 Bytes [A8, F4, 0C, 01] {TEST AL, 0xf4; OR AL, 0x1} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtQueryAttributesFile + B 77DB5F83 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtQueryFullAttributesFile + B 77DB6033 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtSetInformationFile + 6 77DB667E 4 Bytes [28, F5, 0C, 01] {SUB CH, DH; OR AL, 0x1} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtSetInformationFile + B 77DB6683 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtSetInformationThread + 6 77DB66DE 4 Bytes [28, F6, 0C, 01] {SUB DH, DH; OR AL, 0x1} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtSetInformationThread + B 77DB66E3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtUnmapViewOfSection + 6 77DB69FE 4 Bytes [68, F7, 0C, 01] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[6588] ntdll.dll!NtUnmapViewOfSection + B 77DB6A03 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtCreateFile + 6 77DB560E 4 Bytes [28, 78, C8, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtCreateFile + B 77DB5613 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [28, 7B, C8, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtOpenFile + 6 77DB5D1E 4 Bytes [68, 78, C8, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtOpenFile + B 77DB5D23 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtOpenProcess + 6 77DB5DCE 4 Bytes [A8, 79, C8, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtOpenProcess + B 77DB5DD3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtOpenProcessToken + B 77DB5DE3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DEE 4 Bytes [A8, 7A, C8, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DF3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtOpenThread + 6 77DB5E4E 4 Bytes [68, 79, C8, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtOpenThread + B 77DB5E53 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtOpenThreadToken + 6 77DB5E5E 4 Bytes [68, 7A, C8, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtOpenThreadToken + B 77DB5E63 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtQueryAttributesFile + 6 77DB5F7E 4 Bytes [A8, 78, C8, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtQueryAttributesFile + B 77DB5F83 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtQueryFullAttributesFile + B 77DB6033 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtSetInformationFile + 6 77DB667E 4 Bytes [28, 79, C8, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtSetInformationFile + B 77DB6683 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtSetInformationThread + 6 77DB66DE 4 Bytes [28, 7A, C8, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtSetInformationThread + B 77DB66E3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtUnmapViewOfSection + 6 77DB69FE 4 Bytes [68, 7B, C8, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7176] ntdll.dll!NtUnmapViewOfSection + B 77DB6A03 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtCreateFile + 6 77DB560E 4 Bytes [28, C8, BB, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtCreateFile + B 77DB5613 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [28, CB, BB, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtOpenFile + 6 77DB5D1E 4 Bytes [68, C8, BB, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtOpenFile + B 77DB5D23 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtOpenProcess + 6 77DB5DCE 4 Bytes [A8, C9, BB, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtOpenProcess + B 77DB5DD3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtOpenProcessToken + B 77DB5DE3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DEE 4 Bytes [A8, CA, BB, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DF3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtOpenThread + 6 77DB5E4E 4 Bytes [68, C9, BB, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtOpenThread + B 77DB5E53 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtOpenThreadToken + 6 77DB5E5E 4 Bytes [68, CA, BB, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtOpenThreadToken + B 77DB5E63 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtQueryAttributesFile + 6 77DB5F7E 4 Bytes [A8, C8, BB, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtQueryAttributesFile + B 77DB5F83 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtQueryFullAttributesFile + B 77DB6033 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtSetInformationFile + 6 77DB667E 4 Bytes [28, C9, BB, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtSetInformationFile + B 77DB6683 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtSetInformationThread + 6 77DB66DE 4 Bytes [28, CA, BB, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtSetInformationThread + B 77DB66E3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtUnmapViewOfSection + 6 77DB69FE 4 Bytes [68, CB, BB, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7384] ntdll.dll!NtUnmapViewOfSection + B 77DB6A03 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtCreateFile + 6 77DB560E 4 Bytes [28, 34, B4, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtCreateFile + B 77DB5613 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [28, 37, B4, 00] {SUB [EDI], DH; MOV AH, 0x0} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtOpenFile + 6 77DB5D1E 4 Bytes [68, 34, B4, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtOpenFile + B 77DB5D23 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtOpenProcess + 6 77DB5DCE 4 Bytes [A8, 35, B4, 00] {TEST AL, 0x35; MOV AH, 0x0} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtOpenProcess + B 77DB5DD3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtOpenProcessToken + B 77DB5DE3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DEE 4 Bytes [A8, 36, B4, 00] {TEST AL, 0x36; MOV AH, 0x0} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DF3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtOpenThread + 6 77DB5E4E 4 Bytes [68, 35, B4, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtOpenThread + B 77DB5E53 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtOpenThreadToken + 6 77DB5E5E 4 Bytes [68, 36, B4, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtOpenThreadToken + B 77DB5E63 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtQueryAttributesFile + 6 77DB5F7E 4 Bytes [A8, 34, B4, 00] {TEST AL, 0x34; MOV AH, 0x0} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtQueryAttributesFile + B 77DB5F83 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtQueryFullAttributesFile + B 77DB6033 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtSetInformationFile + 6 77DB667E 4 Bytes [28, 35, B4, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtSetInformationFile + B 77DB6683 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtSetInformationThread + 6 77DB66DE 4 Bytes [28, 36, B4, 00] {SUB [ESI], DH; MOV AH, 0x0} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtSetInformationThread + B 77DB66E3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtUnmapViewOfSection + 6 77DB69FE 4 Bytes [68, 37, B4, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7392] ntdll.dll!NtUnmapViewOfSection + B 77DB6A03 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtCreateFile + 6 77DB560E 4 Bytes [28, 54, 6E, 00] {SUB [ESI+EBP*2+0x0], DL} .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtCreateFile + B 77DB5613 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [28, 57, 6E, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtOpenFile + 6 77DB5D1E 4 Bytes [68, 54, 6E, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtOpenFile + B 77DB5D23 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtOpenProcess + 6 77DB5DCE 4 Bytes [A8, 55, 6E, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtOpenProcess + B 77DB5DD3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtOpenProcessToken + B 77DB5DE3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DEE 4 Bytes [A8, 56, 6E, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DF3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtOpenThread + 6 77DB5E4E 4 Bytes [68, 55, 6E, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtOpenThread + B 77DB5E53 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtOpenThreadToken + 6 77DB5E5E 4 Bytes [68, 56, 6E, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtOpenThreadToken + B 77DB5E63 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E73 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtQueryAttributesFile + 6 77DB5F7E 4 Bytes [A8, 54, 6E, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtQueryAttributesFile + B 77DB5F83 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtQueryFullAttributesFile + B 77DB6033 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtSetInformationFile + 6 77DB667E 4 Bytes [28, 55, 6E, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtSetInformationFile + B 77DB6683 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtSetInformationThread + 6 77DB66DE 4 Bytes [28, 56, 6E, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtSetInformationThread + B 77DB66E3 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtUnmapViewOfSection + 6 77DB69FE 4 Bytes [68, 57, 6E, 00] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7452] ntdll.dll!NtUnmapViewOfSection + B 77DB6A03 1 Byte [E2] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7892] ntdll.dll!NtMapViewOfSection + 6 77DB5C6E 4 Bytes [18, 10, C7, 6E] .text C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe[7892] ntdll.dll!NtMapViewOfSection + B 77DB5C73 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744F249F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744D5652] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744D5710] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744F251A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744E857E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744E4D32] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744E50D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744E51AE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744E66DB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744E82D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744E8824] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744E9085] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744EE228] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744E4C64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 84F4F1E8 Device \Driver\usbehci \Device\USBPDO-0 859721E8 Device \Driver\usbehci \Device\USBPDO-1 859721E8 Device \Driver\cdrom \Device\CdRom0 856D91E8 Device \Driver\PCI_PNP6722 \Device\00000065 sptd.sys Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84F4D1E8 Device \Driver\atapi \Device\Ide\IdePort0 84F4D1E8 Device \Driver\atapi \Device\Ide\IdePort1 84F4D1E8 Device \Driver\atapi \Device\Ide\IdePort2 84F4D1E8 Device \Driver\atapi \Device\Ide\IdePort3 84F4D1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 84F4D1E8 Device \Driver\cdrom \Device\CdRom1 856D91E8 Device \Driver\cdrom \Device\CdRom2 856D91E8 Device \Driver\cdrom \Device\CdRom3 856D91E8 Device \Driver\dtsoftbus01 \Device\00000077 856B5430 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 856B5430 Device \Driver\NetBT \Device\NetBt_Wins_Export 857C21E8 Device \Driver\dtsoftbus01 \Device\00000078 856B5430 Device \Driver\usbehci \Device\USBFDO-0 859721E8 Device \Driver\usbehci \Device\USBFDO-1 859721E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{33543BCF-3FD4-4E9B-AD8C-8588FD6841B1} 857C21E8 Device \Driver\a81zfufe \Device\Scsi\a81zfufe1Port4Path0Target0Lun0 859761E8 Device \Driver\a81zfufe \Device\Scsi\a81zfufe1 859761E8 Device \FileSystem\cdfs \Cdfs 86946430 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84f4d1e8]<< 84f4d1e8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85508030] 85508030 Trace 3 CLASSPNP.SYS[8bac359e] -> nt!IofCallDriver -> [0x84fdadf0] 84fdadf0 Trace 5 ACPI.sys[8b36e3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84fe9908] 84fe9908 Trace \Driver\atapi[0x84fdc030] -> IRP_MJ_CREATE -> 0x84f4d1e8 84f4d1e8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7C 0x6C 0x81 0x81 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9A 0x12 0x5A 0x84 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB9 0x18 0x70 0x7D ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDB 0x5C 0xA2 0x23 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7C 0x6C 0x81 0x81 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9A 0x12 0x5A 0x84 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB9 0x18 0x70 0x7D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF0 0x57 0x51 0x46 ... Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{9C9F2AFD-FF53-11E0-8130-806E6F6E6963} 19265227960 ---- EOF - GMER 2.1 ----