GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-07-24 09:22:09 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250320AS rev.0303 232,89GB Running: qiywl2ek.exe; Driver: C:\Users\JRo\AppData\Local\Temp\kfddypow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x996B0AD6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x9978D83C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x996B15B4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x996BD6B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x996BD704] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x996BD89E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x996BD626] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x9978DC16] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x996BD66E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x9978DEA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x996BD858] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x996B23A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x996B0B3C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0x9978E094] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x9978D914] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0x9978AAA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x9978DCF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x996B0BA2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x996B5FE8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x996B2EE6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x996BD6E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x996BD726] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x996BD8C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x996BD64C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x996B54EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x996BD7D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x996BD696] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x996B58D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x996BD87C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x9978DA94] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x996B2CFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0x996B2854] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x996B0C08] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x996B0C6E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x9978DDF2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x996B07C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x996B0994] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x996B0922] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x996B256C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x996B26CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x996B0A1C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x9978DB62] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x996B21FC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x9978AAD4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x996B0CD4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x9978D9C6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x9978DF90] INT 0x51 ? 8C2C6CB8 INT 0x61 ? 8C2C6CB8 INT 0xA2 ? 8B2E7CB8 INT 0xA2 ? 8B2E7CB8 INT 0xA2 ? 8B2E7CB8 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 888E36D0 4 Bytes [D6, 0A, 6B, 99] {SALC ; OR CH, [EBX-0x67]} .text ntkrnlpa.exe!KeSetEvent + 131 888E36F4 4 Bytes [3C, D8, 78, 99] {CMP AL, 0xd8; JS 0xffffff9d} .text ntkrnlpa.exe!KeSetEvent + 191 888E3754 4 Bytes [B4, 15, 6B, 99] .text ntkrnlpa.exe!KeSetEvent + 1D1 888E3794 8 Bytes [B8, D6, 6B, 99, 04, D7, 6B, ...] .text ntkrnlpa.exe!KeSetEvent + 1DD 888E37A0 4 Bytes [9E, D8, 6B, 99] {SAHF ; FSUBR DWORD [EBX-0x67]} .text ... .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x88F51774] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1028] kernel32.dll!SetUnhandledExceptionFilter 76B0A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1676] kernel32.dll!SetUnhandledExceptionFilter 76B0A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!LdrLoadDll 779C9318 5 Bytes JMP 004601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!LdrUnloadDll 779DB600 5 Bytes JMP 004603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtCreateFile + 6 77A040D6 4 Bytes [28, D8, 30, 00] {SUB AL, BL; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtCreateFile + B 77A040DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtMapViewOfSection + 6 77A04826 4 Bytes [28, DB, 30, 00] {SUB BL, BL; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtMapViewOfSection + B 77A0482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtOpenFile + 6 77A048B6 4 Bytes [68, D8, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtOpenFile + B 77A048BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtOpenProcess + 6 77A04936 4 Bytes [A8, D9, 30, 00] {TEST AL, 0xd9; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtOpenProcess + B 77A0493B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtOpenProcessToken + 6 77A04946 4 Bytes CALL 76A07A24 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtOpenProcessToken + B 77A0494B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtOpenProcessTokenEx + 6 77A04956 4 Bytes [A8, DA, 30, 00] {TEST AL, 0xda; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtOpenProcessTokenEx + B 77A0495B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtOpenThread + 6 77A049A6 4 Bytes [68, D9, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtOpenThread + B 77A049AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtOpenThreadToken + 6 77A049B6 4 Bytes [68, DA, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtOpenThreadToken + B 77A049BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtOpenThreadTokenEx + 6 77A049C6 4 Bytes CALL 76A07AA5 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtOpenThreadTokenEx + B 77A049CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtQueryAttributesFile + 6 77A04A56 4 Bytes [A8, D8, 30, 00] {TEST AL, 0xd8; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtQueryAttributesFile + B 77A04A5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtQueryFullAttributesFile + 6 77A04B06 4 Bytes CALL 76A07BE3 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtQueryFullAttributesFile + B 77A04B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtSetInformationFile + 6 77A04FE6 4 Bytes [28, D9, 30, 00] {SUB CL, BL; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtSetInformationFile + B 77A04FEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtSetInformationThread + 6 77A05036 4 Bytes [28, DA, 30, 00] {SUB DL, BL; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtSetInformationThread + B 77A0503B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtUnmapViewOfSection + 6 77A052D6 4 Bytes [68, DB, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1696] ntdll.dll!NtUnmapViewOfSection + B 77A052DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!LdrLoadDll 779C9318 5 Bytes JMP 000601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!LdrUnloadDll 779DB600 5 Bytes JMP 000603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtMapViewOfSection + 6 77A04826 4 Bytes [18, 20, 0A, 73] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtMapViewOfSection + B 77A0482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!LdrLoadDll 779C9318 5 Bytes JMP 002A01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!LdrUnloadDll 779DB600 5 Bytes JMP 002A03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtCreateFile + 6 77A040D6 4 Bytes [28, BC, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtCreateFile + B 77A040DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtMapViewOfSection + 6 77A04826 4 Bytes [28, BF, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtMapViewOfSection + B 77A0482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenFile + 6 77A048B6 4 Bytes [68, BC, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenFile + B 77A048BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcess + 6 77A04936 4 Bytes [A8, BD, 24, 00] {TEST AL, 0xbd; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcess + B 77A0493B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcessToken + 6 77A04946 4 Bytes CALL 76A06E08 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcessToken + B 77A0494B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcessTokenEx + 6 77A04956 4 Bytes [A8, BE, 24, 00] {TEST AL, 0xbe; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcessTokenEx + B 77A0495B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThread + 6 77A049A6 4 Bytes [68, BD, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThread + B 77A049AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThreadToken + 6 77A049B6 4 Bytes [68, BE, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThreadToken + B 77A049BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThreadTokenEx + 6 77A049C6 4 Bytes CALL 76A06E89 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThreadTokenEx + B 77A049CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtQueryAttributesFile + 6 77A04A56 4 Bytes [A8, BC, 24, 00] {TEST AL, 0xbc; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtQueryAttributesFile + B 77A04A5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtQueryFullAttributesFile + 6 77A04B06 4 Bytes CALL 76A06FC7 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtQueryFullAttributesFile + B 77A04B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationFile + 6 77A04FE6 4 Bytes [28, BD, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationFile + B 77A04FEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationThread + 6 77A05036 4 Bytes [28, BE, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationThread + B 77A0503B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtUnmapViewOfSection + 6 77A052D6 4 Bytes [68, BF, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtUnmapViewOfSection + B 77A052DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!LdrLoadDll 779C9318 5 Bytes JMP 005501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!LdrUnloadDll 779DB600 5 Bytes JMP 005503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtCreateFile + 6 77A040D6 4 Bytes [28, 30, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtCreateFile + B 77A040DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtMapViewOfSection + 6 77A04826 4 Bytes [28, 33, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtMapViewOfSection + B 77A0482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenFile + 6 77A048B6 4 Bytes [68, 30, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenFile + B 77A048BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenProcess + 6 77A04936 4 Bytes [A8, 31, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenProcess + B 77A0493B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenProcessToken + 6 77A04946 4 Bytes CALL 76A0987C C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenProcessToken + B 77A0494B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenProcessTokenEx + 6 77A04956 4 Bytes [A8, 32, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenProcessTokenEx + B 77A0495B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenThread + 6 77A049A6 4 Bytes [68, 31, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenThread + B 77A049AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenThreadToken + 6 77A049B6 4 Bytes [68, 32, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenThreadToken + B 77A049BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenThreadTokenEx + 6 77A049C6 4 Bytes CALL 76A098FD C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenThreadTokenEx + B 77A049CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtQueryAttributesFile + 6 77A04A56 4 Bytes [A8, 30, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtQueryAttributesFile + B 77A04A5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtQueryFullAttributesFile + 6 77A04B06 4 Bytes CALL 76A09A3B C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtQueryFullAttributesFile + B 77A04B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtSetInformationFile + 6 77A04FE6 4 Bytes [28, 31, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtSetInformationFile + B 77A04FEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtSetInformationThread + 6 77A05036 4 Bytes [28, 32, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtSetInformationThread + B 77A0503B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtUnmapViewOfSection + 6 77A052D6 4 Bytes [68, 33, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtUnmapViewOfSection + B 77A052DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!LdrLoadDll 779C9318 5 Bytes JMP 007401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!LdrUnloadDll 779DB600 5 Bytes JMP 007403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtCreateFile + 6 77A040D6 4 Bytes [28, CC, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtCreateFile + B 77A040DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtMapViewOfSection + 6 77A04826 4 Bytes [28, CF, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtMapViewOfSection + B 77A0482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenFile + 6 77A048B6 4 Bytes [68, CC, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenFile + B 77A048BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcess + 6 77A04936 4 Bytes [A8, CD, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcess + B 77A0493B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcessToken + 6 77A04946 4 Bytes CALL 76A0B918 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcessToken + B 77A0494B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcessTokenEx + 6 77A04956 4 Bytes [A8, CE, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcessTokenEx + B 77A0495B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThread + 6 77A049A6 4 Bytes [68, CD, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThread + B 77A049AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThreadToken + 6 77A049B6 4 Bytes [68, CE, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThreadToken + B 77A049BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThreadTokenEx + 6 77A049C6 4 Bytes CALL 76A0B999 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThreadTokenEx + B 77A049CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtQueryAttributesFile + 6 77A04A56 4 Bytes [A8, CC, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtQueryAttributesFile + B 77A04A5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtQueryFullAttributesFile + 6 77A04B06 4 Bytes CALL 76A0BAD7 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtQueryFullAttributesFile + B 77A04B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtSetInformationFile + 6 77A04FE6 4 Bytes [28, CD, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtSetInformationFile + B 77A04FEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtSetInformationThread + 6 77A05036 4 Bytes [28, CE, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtSetInformationThread + B 77A0503B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtUnmapViewOfSection + 6 77A052D6 4 Bytes [68, CF, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtUnmapViewOfSection + B 77A052DB 1 Byte [E2] .text C:\Program Files\AVAST Software\Avast\setup\instup.exe[3108] kernel32.dll!SetUnhandledExceptionFilter 76B0A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!LdrLoadDll 779C9318 5 Bytes JMP 007F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!LdrUnloadDll 779DB600 5 Bytes JMP 007F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtCreateFile + 6 77A040D6 4 Bytes [28, DC, 79, 00] {SUB AH, BL; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtCreateFile + B 77A040DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtMapViewOfSection + 6 77A04826 4 Bytes [28, DF, 79, 00] {SUB BH, BL; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtMapViewOfSection + B 77A0482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenFile + 6 77A048B6 4 Bytes [68, DC, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenFile + B 77A048BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcess + 6 77A04936 4 Bytes [A8, DD, 79, 00] {TEST AL, 0xdd; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcess + B 77A0493B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessToken + 6 77A04946 4 Bytes CALL 76A0C328 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessToken + B 77A0494B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessTokenEx + 6 77A04956 4 Bytes [A8, DE, 79, 00] {TEST AL, 0xde; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessTokenEx + B 77A0495B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThread + 6 77A049A6 4 Bytes [68, DD, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThread + B 77A049AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadToken + 6 77A049B6 4 Bytes [68, DE, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadToken + B 77A049BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadTokenEx + 6 77A049C6 4 Bytes CALL 76A0C3A9 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadTokenEx + B 77A049CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryAttributesFile + 6 77A04A56 4 Bytes [A8, DC, 79, 00] {TEST AL, 0xdc; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryAttributesFile + B 77A04A5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryFullAttributesFile + 6 77A04B06 4 Bytes CALL 76A0C4E7 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryFullAttributesFile + B 77A04B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationFile + 6 77A04FE6 4 Bytes [28, DD, 79, 00] {SUB CH, BL; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationFile + B 77A04FEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationThread + 6 77A05036 4 Bytes [28, DE, 79, 00] {SUB DH, BL; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationThread + B 77A0503B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtUnmapViewOfSection + 6 77A052D6 4 Bytes [68, DF, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtUnmapViewOfSection + B 77A052DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!LdrLoadDll 779C9318 5 Bytes JMP 00FB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!LdrUnloadDll 779DB600 5 Bytes JMP 00FB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + 6 77A040D6 4 Bytes [28, F4, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + B 77A040DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + 6 77A04826 4 Bytes [28, F7, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + B 77A0482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + 6 77A048B6 4 Bytes [68, F4, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + B 77A048BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcess + 6 77A04936 4 Bytes [A8, F5, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcess + B 77A0493B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessToken + 6 77A04946 4 Bytes CALL 76A13F40 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessToken + B 77A0494B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessTokenEx + 6 77A04956 4 Bytes [A8, F6, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessTokenEx + B 77A0495B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThread + 6 77A049A6 4 Bytes [68, F5, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThread + B 77A049AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadToken + 6 77A049B6 4 Bytes [68, F6, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadToken + B 77A049BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadTokenEx + 6 77A049C6 4 Bytes CALL 76A13FC1 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadTokenEx + B 77A049CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + 6 77A04A56 4 Bytes [A8, F4, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + B 77A04A5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryFullAttributesFile + 6 77A04B06 4 Bytes CALL 76A140FF C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryFullAttributesFile + B 77A04B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationFile + 6 77A04FE6 4 Bytes [28, F5, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationFile + B 77A04FEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationThread + 6 77A05036 4 Bytes [28, F6, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationThread + B 77A0503B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + 6 77A052D6 4 Bytes [68, F7, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + B 77A052DB 1 Byte [E2] .text C:\Program Files\CCleaner\CCleaner.exe[3816] USER32.dll!SetScrollRange 77B6D185 5 Bytes JMP 002F62A9 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3816] USER32.dll!GetScrollInfo 77B6F073 5 Bytes JMP 002F623C C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3816] USER32.dll!ShowScrollBar 77B6F8AE 5 Bytes JMP 002F626F C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3816] USER32.dll!SetScrollInfo 77B771D8 5 Bytes JMP 002F62E0 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3816] USER32.dll!EnableScrollBar 77B8AF53 5 Bytes JMP 002F6314 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3816] USER32.dll!GetScrollPos 77B9337D 5 Bytes JMP 002F6217 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3816] USER32.dll!GetScrollRange 77B934A5 5 Bytes JMP 002F61DF C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3816] USER32.dll!SetScrollPos 77B93602 5 Bytes JMP 002F61BA C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!LdrLoadDll 779C9318 5 Bytes JMP 00A001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!LdrUnloadDll 779DB600 5 Bytes JMP 00A003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtCreateFile + 6 77A040D6 4 Bytes [28, 90, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtCreateFile + B 77A040DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtMapViewOfSection + 6 77A04826 4 Bytes [28, 93, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtMapViewOfSection + B 77A0482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtOpenFile + 6 77A048B6 4 Bytes [68, 90, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtOpenFile + B 77A048BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtOpenProcess + 6 77A04936 4 Bytes [A8, 91, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtOpenProcess + B 77A0493B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtOpenProcessToken + 6 77A04946 4 Bytes CALL 76A0DFDC C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtOpenProcessToken + B 77A0494B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtOpenProcessTokenEx + 6 77A04956 4 Bytes [A8, 92, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtOpenProcessTokenEx + B 77A0495B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtOpenThread + 6 77A049A6 4 Bytes [68, 91, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtOpenThread + B 77A049AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtOpenThreadToken + 6 77A049B6 4 Bytes [68, 92, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtOpenThreadToken + B 77A049BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtOpenThreadTokenEx + 6 77A049C6 4 Bytes CALL 76A0E05D C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtOpenThreadTokenEx + B 77A049CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtQueryAttributesFile + 6 77A04A56 4 Bytes [A8, 90, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtQueryAttributesFile + B 77A04A5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtQueryFullAttributesFile + 6 77A04B06 4 Bytes CALL 76A0E19B C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtQueryFullAttributesFile + B 77A04B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtSetInformationFile + 6 77A04FE6 4 Bytes [28, 91, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtSetInformationFile + B 77A04FEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtSetInformationThread + 6 77A05036 4 Bytes [28, 92, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtSetInformationThread + B 77A0503B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtUnmapViewOfSection + 6 77A052D6 4 Bytes [68, 93, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4628] ntdll.dll!NtUnmapViewOfSection + B 77A052DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!LdrLoadDll 779C9318 5 Bytes JMP 00CF01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!LdrUnloadDll 779DB600 5 Bytes JMP 00CF03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtCreateFile + 6 77A040D6 4 Bytes [28, DC, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtCreateFile + B 77A040DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtMapViewOfSection + 6 77A04826 4 Bytes [28, DF, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtMapViewOfSection + B 77A0482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenFile + 6 77A048B6 4 Bytes [68, DC, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenFile + B 77A048BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenProcess + 6 77A04936 4 Bytes [A8, DD, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenProcess + B 77A0493B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenProcessToken + 6 77A04946 4 Bytes CALL 76A11328 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenProcessToken + B 77A0494B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenProcessTokenEx + 6 77A04956 4 Bytes [A8, DE, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenProcessTokenEx + B 77A0495B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenThread + 6 77A049A6 4 Bytes [68, DD, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenThread + B 77A049AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenThreadToken + 6 77A049B6 4 Bytes [68, DE, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenThreadToken + B 77A049BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenThreadTokenEx + 6 77A049C6 4 Bytes CALL 76A113A9 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenThreadTokenEx + B 77A049CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtQueryAttributesFile + 6 77A04A56 4 Bytes [A8, DC, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtQueryAttributesFile + B 77A04A5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtQueryFullAttributesFile + 6 77A04B06 4 Bytes CALL 76A114E7 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtQueryFullAttributesFile + B 77A04B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtSetInformationFile + 6 77A04FE6 4 Bytes [28, DD, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtSetInformationFile + B 77A04FEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtSetInformationThread + 6 77A05036 4 Bytes [28, DE, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtSetInformationThread + B 77A0503B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtUnmapViewOfSection + 6 77A052D6 4 Bytes [68, DF, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtUnmapViewOfSection + B 77A052DB 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74817817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74855B69] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7481BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7480F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7480E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74868F4D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7481DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7480FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7480FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7489CB6A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7483C840] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7480D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74806853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7480687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74812AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8B6EC1F8 Device \FileSystem\fastfat \FatCdrom 907CF1F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\usbohci \Device\USBPDO-0 8C3BF1F8 Device \Driver\usbehci \Device\USBPDO-1 8C3C01F8 AttachedDevice \Driver\tdx \Device\Tcp aswRdr.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 ngvss.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 ngvss.sys Device \Driver\cdrom \Device\CdRom0 8CAAE1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8B6E91F8 Device \Driver\atapi \Device\Ide\IdePort0 8B6E91F8 Device \Driver\atapi \Device\Ide\IdePort1 8B6E91F8 Device \Driver\msahci \Device\Ide\PciIde0Channel0 8B6EA1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel1 8B6EA1F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8b6e91f8]<< 8b6e91f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8c27c030] 8c27c030 Trace 3 CLASSPNP.SYS[921c48b3] -> nt!IofCallDriver -> [0x8c0d3b20] 8c0d3b20 Trace 5 acpi.sys[88f756bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8c12e8d8] 8c12e8d8 Trace \Driver\atapi[0x8c0a9f38] -> IRP_MJ_CREATE -> 0x8b6e91f8 8b6e91f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x13 0xE2 0xEA ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x13 0xE2 0xEA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF4 0x78 0x20 0xFF ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x64 0x6E 0xED ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBF 0x25 0x57 0xBD ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x13 0xE2 0xEA ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x13 0xE2 0xEA ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x13 0xE2 0xEA ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x13 0xE2 0xEA ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x13 0xE2 0xEA ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x13 0xE2 0xEA ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x13 0xE2 0xEA ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\