GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-14 10:00:22 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 298,09GB Running: 4f3wykq4.exe; Driver: C:\Users\samsung\AppData\Local\Temp\pgeiqkob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8C285BA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8C286684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8C2926F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8C292744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8C2928DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8C292666] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8C33CDF0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8C2926AE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8C33D080] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8C33D16A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8C292898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8C287472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8C285C0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8C28AC68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8C2857F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8C33CED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8C285C72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8C28B05E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8C287F5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8C292722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8C292766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8C292902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8C29268C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8C28A560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8C292816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8C2926D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8C28A94C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8C2928BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8C33CC6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8C287DCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8C287ADC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8C285CD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8C285D3E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8C33CFCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8C285892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8C285A64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8C2859F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8C28763C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8C28779E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8C285AEC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8C33CD3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8C2872CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8C285DA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8C33CBA0] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 830838E9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830A33D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 138B 830AA658 4 Bytes [A6, 5B, 28, 8C] .text ntoskrnl.exe!KeRemoveQueueEx + 1413 830AA6E0 4 Bytes [84, 66, 28, 8C] .text ntoskrnl.exe!KeRemoveQueueEx + 1467 830AA734 8 Bytes [F8, 26, 29, 8C, 44, 27, 29, ...] .text ntoskrnl.exe!KeRemoveQueueEx + 1473 830AA740 4 Bytes [DE, 28, 29, 8C] .text ntoskrnl.exe!KeRemoveQueueEx + 148F 830AA75C 4 Bytes [66, 26, 29, 8C] .text ... PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 108 8325D991 4 Bytes CALL 8C288641 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 122 8329A43B 4 Bytes CALL 8C288657 \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\windows\System32\svchost.exe[344] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\system32\csrss.exe[472] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\system32\wininit.exe[524] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\system32\csrss.exe[536] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\system32\services.exe[580] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1320] kernel32.dll!SetUnhandledExceptionFilter 77703162 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1320] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\system32\taskeng.exe[1376] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\system32\Dwm.exe[1440] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\Explorer.EXE[1448] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\System32\spoolsv.exe[1656] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtCreateFile + 6 77B74A16 4 Bytes [28, 44, DE, 00] {SUB [ESI+EBX*8+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtCreateFile + B 77B74A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtMapViewOfSection + 6 77B75076 4 Bytes [28, 47, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtMapViewOfSection + B 77B7507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenFile + 6 77B75126 4 Bytes [68, 44, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenFile + B 77B7512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenProcess + 6 77B751D6 4 Bytes [A8, 45, DE, 00] {TEST AL, 0x45; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenProcess + B 77B751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenProcessToken + 6 77B751E6 4 Bytes CALL 76B83030 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenProcessToken + B 77B751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenProcessTokenEx + 6 77B751F6 4 Bytes [A8, 46, DE, 00] {TEST AL, 0x46; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenProcessTokenEx + B 77B751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenThread + 6 77B75256 4 Bytes [68, 45, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenThread + B 77B7525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenThreadToken + 6 77B75266 4 Bytes [68, 46, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenThreadToken + B 77B7526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenThreadTokenEx + 6 77B75276 4 Bytes CALL 76B830C1 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenThreadTokenEx + B 77B7527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtQueryAttributesFile + 6 77B75386 4 Bytes [A8, 44, DE, 00] {TEST AL, 0x44; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtQueryAttributesFile + B 77B7538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtQueryFullAttributesFile + 6 77B75436 4 Bytes CALL 76B8327F C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtQueryFullAttributesFile + B 77B7543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtSetInformationFile + 6 77B75A86 4 Bytes [28, 45, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtSetInformationFile + B 77B75A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtSetInformationThread + 6 77B75AE6 4 Bytes [28, 46, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtSetInformationThread + B 77B75AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtUnmapViewOfSection + 6 77B75E06 4 Bytes [68, 47, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtUnmapViewOfSection + B 77B75E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!LdrUnloadDll 77B8BE7F 5 Bytes JMP 00EB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!LdrLoadDll 77B8F585 5 Bytes JMP 00EB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] KERNEL32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\system32\taskhost.exe[1796] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\system32\svchost.exe[1888] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1956] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\system32\svchost.exe[2016] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtCreateFile + 6 77B74A16 4 Bytes [28, 44, A2, 00] {SUB [EDX+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtCreateFile + B 77B74A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtMapViewOfSection + 6 77B75076 4 Bytes [28, 47, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtMapViewOfSection + B 77B7507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenFile + 6 77B75126 4 Bytes [68, 44, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenFile + B 77B7512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenProcess + 6 77B751D6 4 Bytes [A8, 45, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenProcess + B 77B751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenProcessToken + B 77B751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenProcessTokenEx + 6 77B751F6 4 Bytes [A8, 46, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenProcessTokenEx + B 77B751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenThread + 6 77B75256 4 Bytes [68, 45, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenThread + B 77B7525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenThreadToken + 6 77B75266 4 Bytes [68, 46, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenThreadToken + B 77B7526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtOpenThreadTokenEx + B 77B7527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtQueryAttributesFile + 6 77B75386 4 Bytes [A8, 44, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtQueryAttributesFile + B 77B7538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtQueryFullAttributesFile + B 77B7543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtSetInformationFile + 6 77B75A86 4 Bytes [28, 45, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtSetInformationFile + B 77B75A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtSetInformationThread + 6 77B75AE6 4 Bytes [28, 46, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtSetInformationThread + B 77B75AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtUnmapViewOfSection + 6 77B75E06 4 Bytes [68, 47, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!NtUnmapViewOfSection + B 77B75E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!LdrUnloadDll 77B8BE7F 5 Bytes JMP 00A803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] ntdll.dll!LdrLoadDll 77B8F585 5 Bytes JMP 00A801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2168] KERNEL32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\system32\igfxext.exe[2300] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2556] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[2580] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[2692] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtMapViewOfSection + 6 77B75076 4 Bytes [18, 20, 97, 73] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtMapViewOfSection + B 77B7507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!LdrUnloadDll 77B8BE7F 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!LdrLoadDll 77B8F585 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] KERNEL32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3256] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\system32\SearchIndexer.exe[3312] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\system32\wbem\unsecapp.exe[3400] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3428] kernel32.dll!SetUnhandledExceptionFilter 77703162 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3428] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3436] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3600] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\ipla\ipla.exe[3624] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtCreateFile + 6 77B74A16 4 Bytes [28, 80, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtCreateFile + B 77B74A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtMapViewOfSection + 6 77B75076 4 Bytes [28, 83, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtMapViewOfSection + B 77B7507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenFile + 6 77B75126 4 Bytes [68, 80, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenFile + B 77B7512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcess + 6 77B751D6 4 Bytes [A8, 81, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcess + B 77B751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcessToken + B 77B751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcessTokenEx + 6 77B751F6 4 Bytes [A8, 82, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcessTokenEx + B 77B751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThread + 6 77B75256 4 Bytes [68, 81, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThread + B 77B7525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThreadToken + 6 77B75266 4 Bytes [68, 82, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThreadToken + B 77B7526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThreadTokenEx + B 77B7527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtQueryAttributesFile + 6 77B75386 4 Bytes [A8, 80, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtQueryAttributesFile + B 77B7538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtQueryFullAttributesFile + B 77B7543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationFile + 6 77B75A86 4 Bytes [28, 81, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationFile + B 77B75A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationThread + 6 77B75AE6 4 Bytes [28, 82, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationThread + B 77B75AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtUnmapViewOfSection + 6 77B75E06 4 Bytes [68, 83, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtUnmapViewOfSection + B 77B75E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!LdrUnloadDll 77B8BE7F 5 Bytes JMP 00A803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!LdrLoadDll 77B8F585 5 Bytes JMP 00A801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3696] KERNEL32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\CCleaner\CCleaner.exe[3732] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Users\samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe[3748] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3764] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtCreateFile + 6 77B74A16 4 Bytes [28, 48, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtCreateFile + B 77B74A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtMapViewOfSection + 6 77B75076 4 Bytes [28, 4B, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtMapViewOfSection + B 77B7507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenFile + 6 77B75126 4 Bytes [68, 48, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenFile + B 77B7512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcess + 6 77B751D6 4 Bytes [A8, 49, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcess + B 77B751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessToken + 6 77B751E6 4 Bytes CALL 76B84734 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessToken + B 77B751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessTokenEx + 6 77B751F6 4 Bytes [A8, 4A, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessTokenEx + B 77B751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThread + 6 77B75256 4 Bytes [68, 49, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThread + B 77B7525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadToken + 6 77B75266 4 Bytes [68, 4A, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadToken + B 77B7526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadTokenEx + 6 77B75276 4 Bytes CALL 76B847C5 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadTokenEx + B 77B7527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryAttributesFile + 6 77B75386 4 Bytes [A8, 48, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryAttributesFile + B 77B7538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryFullAttributesFile + 6 77B75436 4 Bytes CALL 76B84983 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryFullAttributesFile + B 77B7543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationFile + 6 77B75A86 4 Bytes [28, 49, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationFile + B 77B75A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationThread + 6 77B75AE6 4 Bytes [28, 4A, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationThread + B 77B75AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtUnmapViewOfSection + 6 77B75E06 4 Bytes [68, 4B, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtUnmapViewOfSection + B 77B75E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!LdrUnloadDll 77B8BE7F 5 Bytes JMP 011203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!LdrLoadDll 77B8F585 5 Bytes JMP 011201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] KERNEL32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\system32\wbem\unsecapp.exe[3908] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Users\samsung\Desktop\Nowy folder (2)\4f3wykq4.exe[4284] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtCreateFile + 6 77B74A16 4 Bytes [28, 94, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtCreateFile + B 77B74A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtMapViewOfSection + 6 77B75076 4 Bytes [28, 97, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtMapViewOfSection + B 77B7507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenFile + 6 77B75126 4 Bytes [68, 94, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenFile + B 77B7512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcess + 6 77B751D6 4 Bytes [A8, 95, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcess + B 77B751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcessToken + B 77B751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcessTokenEx + 6 77B751F6 4 Bytes [A8, 96, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcessTokenEx + B 77B751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThread + 6 77B75256 4 Bytes [68, 95, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThread + B 77B7525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThreadToken + 6 77B75266 4 Bytes [68, 96, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThreadToken + B 77B7526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThreadTokenEx + B 77B7527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtQueryAttributesFile + 6 77B75386 4 Bytes [A8, 94, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtQueryAttributesFile + B 77B7538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtQueryFullAttributesFile + B 77B7543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtSetInformationFile + 6 77B75A86 4 Bytes [28, 95, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtSetInformationFile + B 77B75A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtSetInformationThread + 6 77B75AE6 4 Bytes [28, 96, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtSetInformationThread + B 77B75AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtUnmapViewOfSection + 6 77B75E06 4 Bytes [68, 97, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtUnmapViewOfSection + B 77B75E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!LdrUnloadDll 77B8BE7F 5 Bytes JMP 006803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!LdrLoadDll 77B8F585 5 Bytes JMP 006801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] KERNEL32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4380] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtCreateFile + 6 77B74A16 4 Bytes [28, 6C, 34, 00] {SUB [ESP+ESI+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtCreateFile + B 77B74A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtMapViewOfSection + 6 77B75076 4 Bytes [28, 6F, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtMapViewOfSection + B 77B7507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtOpenFile + 6 77B75126 4 Bytes [68, 6C, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtOpenFile + B 77B7512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtOpenProcess + 6 77B751D6 4 Bytes [A8, 6D, 34, 00] {TEST AL, 0x6d; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtOpenProcess + B 77B751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtOpenProcessToken + B 77B751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtOpenProcessTokenEx + 6 77B751F6 4 Bytes [A8, 6E, 34, 00] {TEST AL, 0x6e; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtOpenProcessTokenEx + B 77B751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtOpenThread + 6 77B75256 4 Bytes [68, 6D, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtOpenThread + B 77B7525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtOpenThreadToken + 6 77B75266 4 Bytes [68, 6E, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtOpenThreadToken + B 77B7526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtOpenThreadTokenEx + B 77B7527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtQueryAttributesFile + 6 77B75386 4 Bytes [A8, 6C, 34, 00] {TEST AL, 0x6c; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtQueryAttributesFile + B 77B7538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtQueryFullAttributesFile + B 77B7543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtSetInformationFile + 6 77B75A86 4 Bytes [28, 6D, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtSetInformationFile + B 77B75A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtSetInformationThread + 6 77B75AE6 4 Bytes [28, 6E, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtSetInformationThread + B 77B75AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtUnmapViewOfSection + 6 77B75E06 4 Bytes [68, 6F, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!NtUnmapViewOfSection + B 77B75E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!LdrUnloadDll 77B8BE7F 5 Bytes JMP 004103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] ntdll.dll!LdrLoadDll 77B8F585 5 Bytes JMP 004101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4728] KERNEL32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtCreateFile + 6 77B74A16 4 Bytes [28, 0C, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtCreateFile + B 77B74A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtMapViewOfSection + 6 77B75076 4 Bytes [28, 0F, 73, 00] {SUB [EDI], CL; JAE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtMapViewOfSection + B 77B7507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenFile + 6 77B75126 4 Bytes [68, 0C, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenFile + B 77B7512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcess + 6 77B751D6 4 Bytes [A8, 0D, 73, 00] {TEST AL, 0xd; JAE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcess + B 77B751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessToken + B 77B751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessTokenEx + 6 77B751F6 4 Bytes [A8, 0E, 73, 00] {TEST AL, 0xe; JAE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessTokenEx + B 77B751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThread + 6 77B75256 4 Bytes [68, 0D, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThread + B 77B7525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThreadToken + 6 77B75266 4 Bytes [68, 0E, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThreadToken + B 77B7526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThreadTokenEx + B 77B7527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryAttributesFile + 6 77B75386 4 Bytes [A8, 0C, 73, 00] {TEST AL, 0xc; JAE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryAttributesFile + B 77B7538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryFullAttributesFile + B 77B7543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationFile + 6 77B75A86 4 Bytes [28, 0D, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationFile + B 77B75A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationThread + 6 77B75AE6 4 Bytes [28, 0E, 73, 00] {SUB [ESI], CL; JAE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationThread + B 77B75AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtUnmapViewOfSection + 6 77B75E06 4 Bytes [68, 0F, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtUnmapViewOfSection + B 77B75E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!LdrUnloadDll 77B8BE7F 5 Bytes JMP 008003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!LdrLoadDll 77B8F585 5 Bytes JMP 008001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] KERNEL32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + 6 77B74A16 4 Bytes [28, A0, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + B 77B74A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + 6 77B75076 4 Bytes [28, A3, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + B 77B7507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + 6 77B75126 4 Bytes [68, A0, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + B 77B7512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + 6 77B751D6 4 Bytes [A8, A1, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + B 77B751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + B 77B751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + 6 77B751F6 4 Bytes [A8, A2, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + B 77B751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + 6 77B75256 4 Bytes [68, A1, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + B 77B7525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + 6 77B75266 4 Bytes [68, A2, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + B 77B7526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + B 77B7527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + 6 77B75386 4 Bytes [A8, A0, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + B 77B7538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryFullAttributesFile + B 77B7543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + 6 77B75A86 4 Bytes [28, A1, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + B 77B75A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + 6 77B75AE6 4 Bytes [28, A2, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + B 77B75AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + 6 77B75E06 4 Bytes [68, A3, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + B 77B75E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!LdrUnloadDll 77B8BE7F 5 Bytes JMP 007B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!LdrLoadDll 77B8F585 5 Bytes JMP 007B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] KERNEL32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\windows\System32\svchost.exe[5268] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5316] kernel32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtCreateFile + 6 77B74A16 4 Bytes [28, D0, E1, 00] {SUB AL, DL; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtCreateFile + B 77B74A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtMapViewOfSection + 6 77B75076 4 Bytes [28, D3, E1, 00] {SUB BL, DL; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtMapViewOfSection + B 77B7507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenFile + 6 77B75126 4 Bytes [68, D0, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenFile + B 77B7512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcess + 6 77B751D6 4 Bytes [A8, D1, E1, 00] {TEST AL, 0xd1; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcess + B 77B751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcessToken + 6 77B751E6 4 Bytes CALL 76B833BC C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcessToken + B 77B751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcessTokenEx + 6 77B751F6 4 Bytes [A8, D2, E1, 00] {TEST AL, 0xd2; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcessTokenEx + B 77B751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThread + 6 77B75256 4 Bytes [68, D1, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThread + B 77B7525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThreadToken + 6 77B75266 4 Bytes [68, D2, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThreadToken + B 77B7526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThreadTokenEx + 6 77B75276 4 Bytes CALL 76B8344D C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThreadTokenEx + B 77B7527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtQueryAttributesFile + 6 77B75386 4 Bytes [A8, D0, E1, 00] {TEST AL, 0xd0; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtQueryAttributesFile + B 77B7538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtQueryFullAttributesFile + 6 77B75436 4 Bytes CALL 76B8360B C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtQueryFullAttributesFile + B 77B7543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationFile + 6 77B75A86 4 Bytes [28, D1, E1, 00] {SUB CL, DL; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationFile + B 77B75A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationThread + 6 77B75AE6 4 Bytes [28, D2, E1, 00] {SUB DL, DL; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationThread + B 77B75AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtUnmapViewOfSection + 6 77B75E06 4 Bytes [68, D3, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtUnmapViewOfSection + B 77B75E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!LdrUnloadDll 77B8BE7F 5 Bytes JMP 00FD03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!LdrLoadDll 77B8F585 5 Bytes JMP 00FD01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] KERNEL32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtCreateFile + 6 77B74A16 4 Bytes [28, 1C, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtCreateFile + B 77B74A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtMapViewOfSection + 6 77B75076 4 Bytes [28, 1F, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtMapViewOfSection + B 77B7507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenFile + 6 77B75126 4 Bytes [68, 1C, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenFile + B 77B7512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenProcess + 6 77B751D6 4 Bytes [A8, 1D, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenProcess + B 77B751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenProcessToken + B 77B751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenProcessTokenEx + 6 77B751F6 4 Bytes [A8, 1E, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenProcessTokenEx + B 77B751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenThread + 6 77B75256 4 Bytes [68, 1D, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenThread + B 77B7525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenThreadToken + 6 77B75266 4 Bytes [68, 1E, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenThreadToken + B 77B7526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenThreadTokenEx + B 77B7527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtQueryAttributesFile + 6 77B75386 4 Bytes [A8, 1C, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtQueryAttributesFile + B 77B7538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtQueryFullAttributesFile + B 77B7543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtSetInformationFile + 6 77B75A86 4 Bytes [28, 1D, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtSetInformationFile + B 77B75A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtSetInformationThread + 6 77B75AE6 4 Bytes [28, 1E, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtSetInformationThread + B 77B75AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtUnmapViewOfSection + 6 77B75E06 4 Bytes [68, 1F, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtUnmapViewOfSection + B 77B75E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!LdrUnloadDll 77B8BE7F 5 Bytes JMP 005203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!LdrLoadDll 77B8F585 5 Bytes JMP 005201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5932] KERNEL32.dll!GetBinaryTypeW + 70 77717984 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\windows\Explorer.EXE[1448] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74822494] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\windows\Explorer.EXE[1448] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74805624] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\windows\Explorer.EXE[1448] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748056E2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\windows\Explorer.EXE[1448] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [7482250F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\windows\Explorer.EXE[1448] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74818573] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\windows\Explorer.EXE[1448] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74814D27] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\windows\Explorer.EXE[1448] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748150CE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\windows\Explorer.EXE[1448] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748151A3] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\windows\Explorer.EXE[1448] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748166D0] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\windows\Explorer.EXE[1448] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748182CA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\windows\Explorer.EXE[1448] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74818819] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\windows\Explorer.EXE[1448] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7481907A] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\windows\Explorer.EXE[1448] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7481E21D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\windows\Explorer.EXE[1448] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74814C59] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----