GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-08-16 13:20:47 Windows 6.1.7601 Service Pack 1 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD1600AAJS-07PSA0 rev.05.06H05 149,05GB Running: 48exxb0m.exe; Driver: C:\Users\Kowal\AppData\Local\Temp\awrdykog.sys ---- System - GMER 2.1 ---- SSDT 807FC076 ZwCreateSection SSDT 807FC080 ZwRequestWaitReplyPort SSDT 807FC07B ZwSetContextThread SSDT 807FC085 ZwSetSecurityObject SSDT 807FC08A ZwSystemDebugControl SSDT 807FC017 ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 1409 82C7C9A5 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C9C512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 14BF 82CA3AB4 4 Bytes [76, C0, 7F, 80] {JBE 0xffffffc2; JG 0xffffff84} .text ntoskrnl.exe!KeRemoveQueueEx + 181B 82CA3E10 4 Bytes [80, C0, 7F, 80] .text ntoskrnl.exe!KeRemoveQueueEx + 185F 82CA3E54 4 Bytes [7B, C0, 7F, 80] {JNP 0xffffffc2; JG 0xffffff84} .text ntoskrnl.exe!KeRemoveQueueEx + 18DB 82CA3ED0 4 Bytes [85, C0, 7F, 80] {TEST EAX, EAX; JG 0xffffff84} .text ntoskrnl.exe!KeRemoveQueueEx + 192F 82CA3F24 4 Bytes [8A, C0, 7F, 80] {MOV AL, AL; JG 0xffffff84} .text ... ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[508] ntdll.dll!NtMapViewOfSection + 6 773E5C6E 4 Bytes [18, 10, B1, 73] {SBB [EAX], DL; MOV CL, 0x73} .text C:\Program Files\Google\Chrome\Application\chrome.exe[508] ntdll.dll!NtMapViewOfSection + B 773E5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtCreateFile + 6 773E560E 4 Bytes [28, 58, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtCreateFile + B 773E5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtMapViewOfSection + 6 773E5C6E 4 Bytes [28, 5B, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtMapViewOfSection + B 773E5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenFile + 6 773E5D1E 4 Bytes [68, 58, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenFile + B 773E5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenProcess + 6 773E5DCE 4 Bytes [A8, 59, 0A, 00] {TEST AL, 0x59; OR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenProcess + B 773E5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenProcessToken + B 773E5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenProcessTokenEx + 6 773E5DEE 4 Bytes [A8, 5A, 0A, 00] {TEST AL, 0x5a; OR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenProcessTokenEx + B 773E5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenThread + 6 773E5E4E 4 Bytes [68, 59, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenThread + B 773E5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenThreadToken + 6 773E5E5E 4 Bytes [68, 5A, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenThreadToken + B 773E5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenThreadTokenEx + B 773E5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtQueryAttributesFile + 6 773E5F7E 4 Bytes [A8, 58, 0A, 00] {TEST AL, 0x58; OR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtQueryAttributesFile + B 773E5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtQueryFullAttributesFile + B 773E6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtSetInformationFile + 6 773E667E 4 Bytes [28, 59, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtSetInformationFile + B 773E6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtSetInformationThread + 6 773E66DE 4 Bytes [28, 5A, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtSetInformationThread + B 773E66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtUnmapViewOfSection + 6 773E69FE 4 Bytes [68, 5B, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtUnmapViewOfSection + B 773E6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtCreateFile + 6 773E560E 4 Bytes [28, 3C, 8D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtCreateFile + B 773E5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtMapViewOfSection + 6 773E5C6E 4 Bytes [28, 3F, 8D, 00] {SUB [EDI], BH; LEA EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtMapViewOfSection + B 773E5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtOpenFile + 6 773E5D1E 4 Bytes [68, 3C, 8D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtOpenFile + B 773E5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtOpenProcess + 6 773E5DCE 4 Bytes [A8, 3D, 8D, 00] {TEST AL, 0x3d; LEA EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtOpenProcess + B 773E5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtOpenProcessToken + B 773E5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtOpenProcessTokenEx + 6 773E5DEE 4 Bytes [A8, 3E, 8D, 00] {TEST AL, 0x3e; LEA EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtOpenProcessTokenEx + B 773E5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtOpenThread + 6 773E5E4E 4 Bytes [68, 3D, 8D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtOpenThread + B 773E5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtOpenThreadToken + 6 773E5E5E 4 Bytes [68, 3E, 8D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtOpenThreadToken + B 773E5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtOpenThreadTokenEx + B 773E5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtQueryAttributesFile + 6 773E5F7E 4 Bytes [A8, 3C, 8D, 00] {TEST AL, 0x3c; LEA EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtQueryAttributesFile + B 773E5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtQueryFullAttributesFile + B 773E6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtSetInformationFile + 6 773E667E 4 Bytes [28, 3D, 8D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtSetInformationFile + B 773E6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtSetInformationThread + 6 773E66DE 4 Bytes [28, 3E, 8D, 00] {SUB [ESI], BH; LEA EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtSetInformationThread + B 773E66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtUnmapViewOfSection + 6 773E69FE 4 Bytes [68, 3F, 8D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1508] ntdll.dll!NtUnmapViewOfSection + B 773E6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtCreateFile + 6 773E560E 4 Bytes [28, 80, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtCreateFile + B 773E5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtMapViewOfSection + 6 773E5C6E 4 Bytes [28, 83, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtMapViewOfSection + B 773E5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenFile + 6 773E5D1E 4 Bytes [68, 80, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenFile + B 773E5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenProcess + 6 773E5DCE 4 Bytes [A8, 81, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenProcess + B 773E5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenProcessToken + B 773E5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenProcessTokenEx + 6 773E5DEE 4 Bytes [A8, 82, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenProcessTokenEx + B 773E5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenThread + 6 773E5E4E 4 Bytes [68, 81, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenThread + B 773E5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenThreadToken + 6 773E5E5E 4 Bytes [68, 82, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenThreadToken + B 773E5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenThreadTokenEx + B 773E5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtQueryAttributesFile + 6 773E5F7E 4 Bytes [A8, 80, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtQueryAttributesFile + B 773E5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtQueryFullAttributesFile + B 773E6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtSetInformationFile + 6 773E667E 4 Bytes [28, 81, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtSetInformationFile + B 773E6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtSetInformationThread + 6 773E66DE 4 Bytes [28, 82, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtSetInformationThread + B 773E66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtUnmapViewOfSection + 6 773E69FE 4 Bytes [68, 83, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtUnmapViewOfSection + B 773E6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtCreateFile + 6 773E560E 4 Bytes [28, 5C, 06, 01] {SUB [ESI+EAX+0x1], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtCreateFile + B 773E5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtMapViewOfSection + 6 773E5C6E 4 Bytes [28, 5F, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtMapViewOfSection + B 773E5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenFile + 6 773E5D1E 4 Bytes [68, 5C, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenFile + B 773E5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcess + 6 773E5DCE 4 Bytes [A8, 5D, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcess + B 773E5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcessToken + B 773E5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcessTokenEx + 6 773E5DEE 4 Bytes [A8, 5E, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcessTokenEx + B 773E5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThread + 6 773E5E4E 4 Bytes [68, 5D, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThread + B 773E5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThreadToken + 6 773E5E5E 4 Bytes [68, 5E, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThreadToken + B 773E5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThreadTokenEx + B 773E5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtQueryAttributesFile + 6 773E5F7E 4 Bytes [A8, 5C, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtQueryAttributesFile + B 773E5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtQueryFullAttributesFile + B 773E6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtSetInformationFile + 6 773E667E 4 Bytes [28, 5D, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtSetInformationFile + B 773E6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtSetInformationThread + 6 773E66DE 4 Bytes [28, 5E, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtSetInformationThread + B 773E66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtUnmapViewOfSection + 6 773E69FE 4 Bytes [68, 5F, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtUnmapViewOfSection + B 773E6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtCreateFile + 6 773E560E 4 Bytes [28, 34, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtCreateFile + B 773E5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtMapViewOfSection + 6 773E5C6E 4 Bytes [28, 37, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtMapViewOfSection + B 773E5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenFile + 6 773E5D1E 4 Bytes [68, 34, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenFile + B 773E5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcess + 6 773E5DCE 4 Bytes [A8, 35, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcess + B 773E5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcessToken + B 773E5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcessTokenEx + 6 773E5DEE 4 Bytes [A8, 36, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcessTokenEx + B 773E5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThread + 6 773E5E4E 4 Bytes [68, 35, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThread + B 773E5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThreadToken + 6 773E5E5E 4 Bytes [68, 36, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThreadToken + B 773E5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThreadTokenEx + B 773E5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtQueryAttributesFile + 6 773E5F7E 4 Bytes [A8, 34, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtQueryAttributesFile + B 773E5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtQueryFullAttributesFile + B 773E6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtSetInformationFile + 6 773E667E 4 Bytes [28, 35, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtSetInformationFile + B 773E6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtSetInformationThread + 6 773E66DE 4 Bytes [28, 36, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtSetInformationThread + B 773E66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtUnmapViewOfSection + 6 773E69FE 4 Bytes [68, 37, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtUnmapViewOfSection + B 773E6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtCreateFile + 6 773E560E 4 Bytes [28, 08, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtCreateFile + B 773E5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + 6 773E5C6E 4 Bytes [28, 0B, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + B 773E5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenFile + 6 773E5D1E 4 Bytes [68, 08, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenFile + B 773E5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcess + 6 773E5DCE 4 Bytes [A8, 09, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcess + B 773E5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessToken + B 773E5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessTokenEx + 6 773E5DEE 4 Bytes [A8, 0A, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessTokenEx + B 773E5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThread + 6 773E5E4E 4 Bytes [68, 09, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThread + B 773E5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadToken + 6 773E5E5E 4 Bytes [68, 0A, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadToken + B 773E5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadTokenEx + B 773E5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryAttributesFile + 6 773E5F7E 4 Bytes [A8, 08, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryAttributesFile + B 773E5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryFullAttributesFile + B 773E6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationFile + 6 773E667E 4 Bytes [28, 09, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationFile + B 773E6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationThread + 6 773E66DE 4 Bytes [28, 0A, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationThread + B 773E66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + 6 773E69FE 4 Bytes [68, 0B, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + B 773E6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtCreateFile + 6 773E560E 4 Bytes [28, 90, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtCreateFile + B 773E5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtMapViewOfSection + 6 773E5C6E 4 Bytes [28, 93, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtMapViewOfSection + B 773E5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenFile + 6 773E5D1E 4 Bytes [68, 90, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenFile + B 773E5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenProcess + 6 773E5DCE 4 Bytes [A8, 91, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenProcess + B 773E5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenProcessToken + B 773E5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenProcessTokenEx + 6 773E5DEE 4 Bytes [A8, 92, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenProcessTokenEx + B 773E5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenThread + 6 773E5E4E 4 Bytes [68, 91, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenThread + B 773E5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenThreadToken + 6 773E5E5E 4 Bytes [68, 92, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenThreadToken + B 773E5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenThreadTokenEx + B 773E5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtQueryAttributesFile + 6 773E5F7E 4 Bytes [A8, 90, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtQueryAttributesFile + B 773E5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtQueryFullAttributesFile + B 773E6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtSetInformationFile + 6 773E667E 4 Bytes [28, 91, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtSetInformationFile + B 773E6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtSetInformationThread + 6 773E66DE 4 Bytes [28, 92, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtSetInformationThread + B 773E66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtUnmapViewOfSection + 6 773E69FE 4 Bytes [68, 93, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtUnmapViewOfSection + B 773E6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtCreateFile + 6 773E560E 4 Bytes [28, BC, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtCreateFile + B 773E5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtMapViewOfSection + 6 773E5C6E 4 Bytes [28, BF, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtMapViewOfSection + B 773E5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenFile + 6 773E5D1E 4 Bytes [68, BC, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenFile + B 773E5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcess + 6 773E5DCE 4 Bytes [A8, BD, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcess + B 773E5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcessToken + B 773E5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcessTokenEx + 6 773E5DEE 4 Bytes [A8, BE, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcessTokenEx + B 773E5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThread + 6 773E5E4E 4 Bytes [68, BD, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThread + B 773E5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThreadToken + 6 773E5E5E 4 Bytes [68, BE, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThreadToken + B 773E5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThreadTokenEx + B 773E5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtQueryAttributesFile + 6 773E5F7E 4 Bytes [A8, BC, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtQueryAttributesFile + B 773E5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtQueryFullAttributesFile + B 773E6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtSetInformationFile + 6 773E667E 4 Bytes [28, BD, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtSetInformationFile + B 773E6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtSetInformationThread + 6 773E66DE 4 Bytes [28, BE, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtSetInformationThread + B 773E66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtUnmapViewOfSection + 6 773E69FE 4 Bytes [68, BF, 47, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtUnmapViewOfSection + B 773E6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtCreateFile + 6 773E560E 4 Bytes [28, 5C, 28, 00] {SUB [EAX+EBP+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtCreateFile + B 773E5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtMapViewOfSection + 6 773E5C6E 4 Bytes [28, 5F, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtMapViewOfSection + B 773E5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenFile + 6 773E5D1E 4 Bytes [68, 5C, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenFile + B 773E5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcess + 6 773E5DCE 4 Bytes [A8, 5D, 28, 00] {TEST AL, 0x5d; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcess + B 773E5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcessToken + B 773E5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcessTokenEx + 6 773E5DEE 4 Bytes [A8, 5E, 28, 00] {TEST AL, 0x5e; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcessTokenEx + B 773E5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThread + 6 773E5E4E 4 Bytes [68, 5D, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThread + B 773E5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThreadToken + 6 773E5E5E 4 Bytes [68, 5E, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThreadToken + B 773E5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThreadTokenEx + B 773E5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtQueryAttributesFile + 6 773E5F7E 4 Bytes [A8, 5C, 28, 00] {TEST AL, 0x5c; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtQueryAttributesFile + B 773E5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtQueryFullAttributesFile + B 773E6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtSetInformationFile + 6 773E667E 4 Bytes [28, 5D, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtSetInformationFile + B 773E6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtSetInformationThread + 6 773E66DE 4 Bytes [28, 5E, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtSetInformationThread + B 773E66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtUnmapViewOfSection + 6 773E69FE 4 Bytes [68, 5F, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtUnmapViewOfSection + B 773E6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtCreateFile + 6 773E560E 4 Bytes [28, 34, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtCreateFile + B 773E5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtMapViewOfSection + 6 773E5C6E 4 Bytes [28, 37, E7, 00] {SUB [EDI], DH; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtMapViewOfSection + B 773E5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenFile + 6 773E5D1E 4 Bytes [68, 34, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenFile + B 773E5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcess + 6 773E5DCE 4 Bytes [A8, 35, E7, 00] {TEST AL, 0x35; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcess + B 773E5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcessToken + B 773E5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcessTokenEx + 6 773E5DEE 4 Bytes [A8, 36, E7, 00] {TEST AL, 0x36; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcessTokenEx + B 773E5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThread + 6 773E5E4E 4 Bytes [68, 35, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThread + B 773E5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThreadToken + 6 773E5E5E 4 Bytes [68, 36, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThreadToken + B 773E5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThreadTokenEx + B 773E5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtQueryAttributesFile + 6 773E5F7E 4 Bytes [A8, 34, E7, 00] {TEST AL, 0x34; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtQueryAttributesFile + B 773E5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtQueryFullAttributesFile + B 773E6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationFile + 6 773E667E 4 Bytes [28, 35, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationFile + B 773E6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationThread + 6 773E66DE 4 Bytes [28, 36, E7, 00] {SUB [ESI], DH; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationThread + B 773E66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtUnmapViewOfSection + 6 773E69FE 4 Bytes [68, 37, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtUnmapViewOfSection + B 773E6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + 6 773E560E 4 Bytes [28, C8, A7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + B 773E5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + 6 773E5C6E 4 Bytes [28, CB, A7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + B 773E5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + 6 773E5D1E 4 Bytes [68, C8, A7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + B 773E5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + 6 773E5DCE 4 Bytes [A8, C9, A7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + B 773E5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + B 773E5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + 6 773E5DEE 4 Bytes [A8, CA, A7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + B 773E5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + 6 773E5E4E 4 Bytes [68, C9, A7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + B 773E5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + 6 773E5E5E 4 Bytes [68, CA, A7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + B 773E5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + B 773E5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + 6 773E5F7E 4 Bytes [A8, C8, A7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + B 773E5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + B 773E6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + 6 773E667E 4 Bytes [28, C9, A7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + B 773E6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + 6 773E66DE 4 Bytes [28, CA, A7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + B 773E66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + 6 773E69FE 4 Bytes [68, CB, A7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + B 773E6A03 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0xAE 0x2D 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x24 0xEF 0x1D 0x2A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0xF0 0x49 0x4D ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0xAE 0x2D 0x8A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x24 0xEF 0x1D 0x2A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0xF0 0x49 0x4D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... ---- EOF - GMER 2.1 ----