GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-07-09 06:40:49 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 TOSHIBA_MK1652GSX rev.LV011C 149,05GB Running: 6gyfrok1.exe; Driver: C:\DOCUME~1\ami\USTAWI~1\Temp\pxtdypog.sys ---- System - GMER 2.1 ---- SSDT 88FEAC90 ZwAssignProcessToJobObject SSDT spat.sys ZwCreateKey [0xB7EB50E0] SSDT 88FEB200 ZwDebugActiveProcess SSDT 88FEB2F0 ZwDuplicateObject SSDT spat.sys ZwEnumerateKey [0xB7ECDDA4] SSDT spat.sys ZwEnumerateValueKey [0xB7ECE132] SSDT spat.sys ZwOpenKey [0xB7EB50C0] SSDT 88FEA590 ZwOpenProcess SSDT 88FEA800 ZwOpenThread SSDT 88FEAFD0 ZwProtectVirtualMemory SSDT spat.sys ZwQueryKey [0xB7ECE20A] SSDT spat.sys ZwQueryValueKey [0xB7ECE08A] SSDT 88FEB0E0 ZwQueueApcThread SSDT 88FEAEC0 ZwSetContextThread SSDT 88FEAD90 ZwSetInformationThread SSDT 88FE7DA0 ZwSetSecurityObject SSDT spat.sys ZwSetValueKey [0xB7ECE29C] SSDT 88FEAB90 ZwSuspendProcess SSDT 88FEAA80 ZwSuspendThread SSDT 88FEA6E0 ZwTerminateProcess SSDT 88FEAA50 ZwTerminateThread SSDT 88FEB6D0 ZwWriteVirtualMemory INT 0x73 ? 8A907BF8 INT 0x73 ? 8A907BF8 INT 0x73 ? 8A907BF8 INT 0x94 ? 8A60BBF8 INT 0xA4 ? 8A60BBF8 ---- Kernel code sections - GMER 2.1 ---- ? spat.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5E8D360, 0x3CEED5, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[316] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[316] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[552] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, DC, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, DF, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, DC, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, DD, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9124F6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, DE, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, DD, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, DE, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912567 .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, DC, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912695 .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, DD, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, DE, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, DF, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 74, E4, 00] {SUB [ESP+0x0], DH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 77, E4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 74, E4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 75, E4, 00] {TEST AL, 0x75; IN AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91BA8E .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 76, E4, 00] {TEST AL, 0x76; IN AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 75, E4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 76, E4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91BAFF .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 74, E4, 00] {TEST AL, 0x74; IN AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91BC2D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 75, E4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 76, E4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 77, E4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1112] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 20, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 23, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 20, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 21, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F43A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 22, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 21, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 22, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F4AB .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 20, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F5D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 21, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 22, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 23, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1968] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 04, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 07, 73, 00] {SUB [EDI], AL; JAE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 04, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 05, 73, 00] {TEST AL, 0x5; JAE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91491E .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 06, 73, 00] {TEST AL, 0x6; JAE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 05, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 06, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91498F .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 04, 73, 00] {TEST AL, 0x4; JAE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B914ABD .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 05, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 06, 73, 00] {SUB [ESI], AL; JAE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 07, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 68, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6B, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 68, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 69, D5, 00] {TEST AL, 0x69; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91AB82 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6A, D5, 00] {TEST AL, 0x6a; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 69, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6A, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91ABF3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 68, D5, 00] {TEST AL, 0x68; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AD21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 69, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6A, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6B, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A8, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, AB, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A8, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A9, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C2C2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, AA, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A9, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, AA, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C333 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A8, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C461 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A9, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, AA, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, AB, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2372] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 10, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 13, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 10, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 11, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912E2A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 12, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 11, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 12, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912E9B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 10, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912FC9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 11, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 12, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 13, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, DC, 88, 00] {SUB AH, BL; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, DF, 88, 00] {SUB BH, BL; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, DC, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, DD, 88, 00] {TEST AL, 0xdd; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915EF6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, DE, 88, 00] {TEST AL, 0xde; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, DD, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, DE, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915F67 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, DC, 88, 00] {TEST AL, 0xdc; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916095 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, DD, 88, 00] {SUB CH, BL; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, DE, 88, 00] {SUB DH, BL; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, DF, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2944] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 84, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 87, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 84, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 85, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91579E .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 86, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 85, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 86, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91580F .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 84, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91593D .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 85, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 86, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 87, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, CC, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, CF, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, CC, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, CD, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EDE6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, CE, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, CD, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, CE, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EE57 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, CC, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EF85 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, CD, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, CE, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, CF, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegSetValueW] [77E26116] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegEnumKeyExW] [77DC7BD9] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!GetUserNameW] [77DD496D] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegNotifyChangeKeyValue] [77DCD8FE] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegEnumValueW] [77DC7EED] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegQueryValueExA] [77DC7ABB] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegOpenKeyExA] [77DC7852] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegEnumKeyW] [77DCD5E4] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegCloseKey] [77DC6C27] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegCreateKeyW] [77DEBA55] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegQueryInfoKeyW] [77DD49CE] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegOpenKeyExW] [77DC6AAF] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegQueryValueExW] [77DC6FFF] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegCreateKeyExW] [77DC776C] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegSetValueExW] [77DCD767] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegDeleteValueW] [77DCEDF1] C:\WINDOWS\system32\ADVAPI32.dll IAT C:\WINDOWS\Explorer.EXE[208] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegQueryValueW] [77DCD87A] C:\WINDOWS\system32\ADVAPI32.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8A9061F8 AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys Device \Driver\ACPI \Device\00000040 ntkrnlpa.exe AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys Device \Driver\ACPI \Device\00000041 ntkrnlpa.exe Device \Driver\ACPI \Device\00000050 ntkrnlpa.exe Device \Driver\ACPI \Device\00000051 ntkrnlpa.exe Device \Driver\usbohci \Device\USBPDO-0 8A6F21F8 Device \Driver\ACPI \Device\00000045 ntkrnlpa.exe Device \Driver\ACPI \Device\00000052 ntkrnlpa.exe Device \Driver\usbehci \Device\USBPDO-1 8A6071F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A8961F8 Device \Driver\dmio \Device\DmControl\DmConfig 8A8961F8 Device \Driver\dmio \Device\DmControl\DmPnP 8A8961F8 Device \Driver\dmio \Device\DmControl\DmInfo 8A8961F8 Device \Driver\ACPI \Device\00000046 ntkrnlpa.exe Device \Driver\ACPI \Device\00000053 ntkrnlpa.exe Device \Driver\usbohci \Device\USBPDO-2 8A6F21F8 Device \Driver\ACPI \Device\00000054 ntkrnlpa.exe Device \Driver\usbehci \Device\USBPDO-3 8A6071F8 Device \Driver\ACPI \Device\00000048 ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys Device \Driver\ACPI \Device\00000070 ntkrnlpa.exe Device \Driver\Ftdisk \Device\HarddiskVolume1 8A9081F8 Device \Driver\ACPI \Device\00000064 ntkrnlpa.exe Device \Driver\ACPI \Device\00000071 ntkrnlpa.exe Device \Driver\ACPI \Device\00000059 ntkrnlpa.exe Device \Driver\Cdrom \Device\CdRom0 8A5F2500 Device \Driver\atapi \Device\Ide\IdePort0 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\ACPI \Device\00000073 ntkrnlpa.exe Device \Driver\ACPI \Device\00000066 ntkrnlpa.exe Device \Driver\ACPI \Device\00000067 ntkrnlpa.exe Device \Driver\ACPI \Device\00000068 ntkrnlpa.exe Device \Driver\ACPI \Device\00000081 ntkrnlpa.exe Device \Driver\ACPI \Device\00000076 ntkrnlpa.exe Device \Driver\usbstor \Device\00000082 88FAC1F8 Device \Driver\usbstor \Device\00000083 88FAC1F8 Device \Driver\ACPI \Device\0000004a ntkrnlpa.exe Device \Driver\NetBT \Device\NetBt_Wins_Export 89DC01F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{F6C1D7E5-AAC0-4271-8AC1-26EFA3BF1B8C} 89DC01F8 Device \Driver\ACPI \Device\00000085 ntkrnlpa.exe Device \Driver\NetBT \Device\NetbiosSmb 89DC01F8 Device \Driver\ACPI \Device\0000005a ntkrnlpa.exe Device \Driver\ACPI \Device\0000004e ntkrnlpa.exe Device \Driver\ACPI \Device\0000005b ntkrnlpa.exe Device \Driver\ACPI \Device\0000005c ntkrnlpa.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{414C6A7F-BB16-41F3-BD2C-A26CA72A88AB} 89DC01F8 Device \Driver\ACPI \Device\0000006a ntkrnlpa.exe Device \Driver\ACPI \Device\0000006b ntkrnlpa.exe Device \Driver\usbohci \Device\USBFDO-0 8A6F21F8 Device \Driver\usbehci \Device\USBFDO-1 8A6071F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88F301F8 Device \Driver\usbohci \Device\USBFDO-2 8A6F21F8 Device \Driver\ACPI \Device\0000006e ntkrnlpa.exe Device \Driver\ACPI \Device\0000006f ntkrnlpa.exe Device \Driver\usbehci \Device\USBFDO-3 8A6071F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 88F301F8 Device \Driver\Ftdisk \Device\FtControl 8A9081F8 Device \Driver\ACPI \Device\0000007f ntkrnlpa.exe Device \FileSystem\Cdfs \Cdfs 88F01500 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ntkrnlpa.exe ACPI.sys hal.dll atapi.sys spat.sys >>UNKNOWN [0x8a8b6938]<< 8a8b6938 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7e0ab8] 8a7e0ab8 Trace 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a8f89e8] 8a8f89e8 Trace 5 ACPI.sys[b7e73620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8a86d940] 8a86d940 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9C 0x55 0x78 0xD8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9C 0x55 0x78 0xD8 ... ---- EOF - GMER 2.1 ----