GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-12-13 11:15:50 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0 232,89GB Running: m57g1hli.exe; Driver: C:\DOCUME~1\Acer\USTAWI~1\Temp\uxddqpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwAssignProcessToJobObject [0x9B84D4B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x9B84D7F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDebugActiveProcess [0x9B84DAB0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDuplicateObject [0x9B84D5D0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x9B84D8B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenProcess [0x9B84D350] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenThread [0x9B84D410] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwProtectVirtualMemory [0x9B84D570] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwQueueApcThread [0x9B84D630] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwReplaceKey [0x9B84DC70] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwRestoreKey [0x9B84DC30] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetContextThread [0x9B84D530] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetInformationThread [0x9B84D4F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSecurityObject [0x9B84D670] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x9B84D870] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendProcess [0x9B84D3B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendThread [0x9B84D430] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x9B84D830] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateProcess [0x9B84D370] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateThread [0x9B84D470] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwWriteVirtualMemory [0x9B84D5F0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [B0, D3, 84, 9B, 30, D4, 84, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[708] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 0C, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0F, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 0C, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 0D, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B917426 .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0E, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 0D, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0E, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B917497 .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 0C, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9175C5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 0D, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0E, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0F, 9E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, CC, 04, 01] {SUB AH, CL; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, CF, 04, 01] {SUB BH, CL; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, CC, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, CD, 04, 01] {TEST AL, 0xcd; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91DAE6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, CE, 04, 01] {TEST AL, 0xce; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, CD, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, CE, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91DB57 .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, CC, 04, 01] {TEST AL, 0xcc; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91DC85 .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, CD, 04, 01] {SUB CH, CL; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, CE, 04, 01] {SUB DH, CL; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, CF, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] WININET.dll!HttpSendRequestA 3FD07021 5 Bytes JMP 04274780 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] WININET.dll!InternetReadFile 3FD0F5EB 5 Bytes JMP 04274710 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] WININET.dll!InternetCloseHandle 3FD12128 5 Bytes JMP 04274760 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] WININET.dll!HttpSendRequestW 3FD18B5E 5 Bytes JMP 042747C0 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 042746F0 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] WS2_32.dll!send 71A54C27 5 Bytes JMP 04274370 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 042745D0 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] WS2_32.dll!recv 71A5676F 5 Bytes JMP 04274530 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 04274410 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 5 Bytes JMP 04275A00 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 28, 08, 01] {SUB [EAX], CH; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 2B, 08, 01] {SUB [EBX], CH; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 28, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 29, 08, 01] {TEST AL, 0x29; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91DE42 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 2A, 08, 01] {TEST AL, 0x2a; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 29, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 2A, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91DEB3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 28, 08, 01] {TEST AL, 0x28; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91DFE1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 29, 08, 01] {SUB [ECX], CH; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 2A, 08, 01] {SUB [EDX], CH; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 2B, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F4, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, F7, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F4, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F5, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91790E .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, F6, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F5, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, F6, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91797F .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F4, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917AAD .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F5, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, F6, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, F7, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1520] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 98, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9B, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 98, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 99, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9145B2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9A, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 99, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9A, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B914623 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 98, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B914751 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 99, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9A, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9B, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1556] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 78, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 7B, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 78, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 79, B3, 00] {TEST AL, 0x79; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B918992 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 7A, B3, 00] {TEST AL, 0x7a; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 79, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 7A, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B918A03 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 78, B3, 00] {TEST AL, 0x78; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B918B31 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 79, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 7A, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 7B, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B0, E5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, B3, E5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B0, E5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B1, E5, 00] {TEST AL, 0xb1; IN EAX, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91BBCA .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, B2, E5, 00] {TEST AL, 0xb2; IN EAX, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B1, E5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, B2, E5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91BC3B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B0, E5, 00] {TEST AL, 0xb0; IN EAX, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91BD69 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B1, E5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, B2, E5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, B3, E5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 68, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6B, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 68, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 69, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B913D82 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6A, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 69, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6A, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B913DF3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 68, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913F21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 69, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6A, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6B, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 100046F0 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] WS2_32.dll!send 71A54C27 5 Bytes JMP 10004370 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 100045D0 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] WS2_32.dll!recv 71A5676F 5 Bytes JMP 10004530 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 10004410 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 5 Bytes JMP 10005A00 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] WININET.dll!HttpSendRequestA 3FD07021 5 Bytes JMP 10004780 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] WININET.dll!InternetReadFile 3FD0F5EB 5 Bytes JMP 10004710 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] WININET.dll!InternetCloseHandle 3FD12128 5 Bytes JMP 10004760 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] WININET.dll!HttpSendRequestW 3FD18B5E 5 Bytes JMP 100047C0 C:\Program Files\Free Download Manager\flvsniff.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 5C, 50, 00] {SUB [EAX+EDX*2+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 5F, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 5C, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 5D, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912676 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 5E, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 5D, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 5E, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9126E7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 5C, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912815 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 5D, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 5E, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 5F, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A8, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, AB, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A8, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A9, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9104C2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, AA, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A9, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, AA, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910533 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A8, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910661 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A9, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, AA, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, AB, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 28, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 2B, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 28, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 29, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B917A42 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 2A, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 29, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 2A, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B917AB3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 28, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917BE1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 29, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 2A, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 2B, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys ---- Threads - GMER 2.1 ---- Thread System [4:2036] 87C39DF0 ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32@ "C:\Program Files\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe" Reg HKLM\SOFTWARE\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32@ServerExecutable C:\Program Files\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe ---- EOF - GMER 2.1 ----