GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-08-24 17:31:44 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST980813AS rev.3.ADC 74,53GB Running: snj932mt.exe; Driver: C:\DOCUME~1\Bodek\USTAWI~1\Temp\kfxyypob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xA8C26BA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xA8C27684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xA8C6BD80] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xA8C336F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xA8C33744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xA8C338DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xA8C6B734] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xA8C33666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xA8C33788] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xA8C336AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xA8C27BBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xA8C33898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xA8C28472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xA8C26C0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xA8C6C446] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xA8C6C6FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xA8C2BC68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xA8C6C2B1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xA8C6C11C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xA8C267F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xA8F1AED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xA8C26C72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xA8C2C05E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xA8C28F5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xA8C33722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xA8C33766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xA8C33902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xA8C6BA90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xA8C3368C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xA8C2B560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xA8C33816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xA8C336D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xA8C2B94C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xA8C338BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xA8F1AC6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xA8C6BF97] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xA8C28DCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xA8C6BDE9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xA8C28924] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xA8F28E1A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xA8C6AD77] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xA8C26CD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xA8C26D3E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xA8C282EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xA8C26892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xA8C26A64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xA8C6C54D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xA8C269F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xA8C2863C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xA8C2879E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xA8C26AEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xA8C2812A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xA8C282CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xA8C26DA4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xA8C276E0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2F4C 80504834 4 Bytes [E9, BD, C6, A8] .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [D8, 6C, C2, A8, 3E, 6D, C2, ...] {FSUBR DWORD [EDX+EAX*8-0x58]; INS DWORD [ES:EDI], DX; RET 0xeca8; ADD DL, 0xa8} .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [3C, 86, C2, A8, 9E, 87, C2, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL A8C2962B \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text d:\Program Files\AVAST Software\Avast\AvastSvc.exe[120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text d:\Program Files\AVAST Software\Avast\AvastSvc.exe[120] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text d:\Program Files\AVAST Software\Avast\AvastSvc.exe[120] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[168] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[228] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[376] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[376] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen32.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen32.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[860] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[928] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\SCardSvr.exe[1064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\SCardSvr.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe[1120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe[1120] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1168] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1192] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 80, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 83, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 80, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 81, 39, 00] {TEST AL, 0x81; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910F9A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 82, 39, 00] {TEST AL, 0x82; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 81, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 82, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91100B .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 80, 39, 00] {TEST AL, 0x80; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B911139 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 81, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 82, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 83, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 006201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 006203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1252] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 2C, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 2F, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 2C, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 2D, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B913646 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 2E, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 2D, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 2E, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9136B7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 2C, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9137E5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 2D, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 2E, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 2F, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1296] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1392] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 10, C4, 01] {SBB [EAX], DL; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1392] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1392] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1392] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1392] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1532] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1624] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1688] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[1780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[1780] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1788] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text D:\Program Files\AVAST Software\Avast\AvastUI.exe[1956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Program Files\AVAST Software\Avast\AvastUI.exe[1956] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text D:\Program Files\AVAST Software\Avast\AvastUI.exe[1956] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1964] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1988] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\DellTPad\Apoint.exe[2068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\DellTPad\Apoint.exe[2068] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2076] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text D:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2092] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[2100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[2100] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2120] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2120] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 10053C10 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2120] USER32.dll!SetWindowRgn + 2BD 7E37E7E5 7 Bytes JMP 10053AC0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2120] USER32.dll!SetClipboardData + 19D 7E38113B 7 Bytes JMP 10053BF0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2120] USER32.dll!MessageBoxA + 49 7E3A0833 7 Bytes JMP 10053CE0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2120] USER32.dll!MessageBoxExW + 1F 7E3A0857 7 Bytes JMP 10053D30 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2120] USER32.dll!MessageBoxTimeoutA + CA 7E3B64D0 7 Bytes JMP 10053C60 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\DellTPad\ApMsgFwd.exe[2124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\DellTPad\ApMsgFwd.exe[2124] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\CCleaner\CCleaner.exe[2148] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\CCleaner\CCleaner.exe[2148] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2180] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Bodek\Ustawienia lokalne\Apps\2.0\YK4V1ACT.5VT\03VCNX9O.R92\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe[2188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Bodek\Ustawienia lokalne\Apps\2.0\YK4V1ACT.5VT\03VCNX9O.R92\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe[2188] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, CC, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, CF, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, CC, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, CD, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91BEE6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, CE, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, CD, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, CE, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91BF57 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, CC, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C085 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, CD, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, CE, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, CF, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 012603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2232] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text D:\PROGRA~1\MICROS~2\rapimgr.exe[2236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\PROGRA~1\MICROS~2\rapimgr.exe[2236] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\DellTPad\HidFind.exe[2240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\DellTPad\HidFind.exe[2240] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\DellTPad\Apntex.exe[2312] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\DellTPad\Apntex.exe[2312] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[2364] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[2364] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[2432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[2432] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2580] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[2588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[2588] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2744] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2868] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2884] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2884] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2896] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3032] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[3040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[3040] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3224] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3748] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3936] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3936] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3988] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4024] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 58, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 5B, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 58, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 59, 28, 00] {TEST AL, 0x59; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90FE72 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 5A, 28, 00] {TEST AL, 0x5a; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 59, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 5A, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90FEE3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 58, 28, 00] {TEST AL, 0x58; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910011 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 59, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 5A, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 5B, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 3C, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 3F, 3B, 00] {SUB [EDI], BH; CMP EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 3C, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 3D, 3B, 00] {TEST AL, 0x3d; CMP EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B911156 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 3E, 3B, 00] {TEST AL, 0x3e; CMP EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 3D, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 3E, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9111C7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 3C, 3B, 00] {TEST AL, 0x3c; CMP EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9112F5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 3D, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 3E, 3B, 00] {SUB [ESI], BH; CMP EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 3F, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 008703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 94, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 97, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 94, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 95, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9105AE .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 96, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 95, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 96, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91061F .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 94, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91074D .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 95, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 96, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 97, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4828] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F4, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, F7, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F4, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F5, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919F0E .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, F6, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F5, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, F6, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B919F7F .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F4, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A0AD .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F5, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, F6, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, F7, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 010603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4840] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 0C, 6A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0F, 6A, 00] {SUB [EDI], CL; PUSH 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 0C, 6A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 0D, 6A, 00] {TEST AL, 0xd; PUSH 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B914026 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0E, 6A, 00] {TEST AL, 0xe; PUSH 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 0D, 6A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0E, 6A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B914097 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 0C, 6A, 00] {TEST AL, 0xc; PUSH 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9141C5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 0D, 6A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0E, 6A, 00] {SUB [ESI], CL; PUSH 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0F, 6A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4852] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Bodek\Moje dokumenty\Downloads\snj932mt.exe[5192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Bodek\Moje dokumenty\Downloads\snj932mt.exe[5192] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[1240] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[1240] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\tosrfbd\CurrentSetup@Authentication_Enable 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\tosrfbd\CurrentSetup@Encryption_Mode 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\tosrfbd\NewSetup@Authentication_Enable 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\tosrfbd\NewSetup@Encryption_Mode 0 ---- EOF - GMER 2.1 ----