GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-13 18:00:06
Windows 5.1.2600 Dodatek Service Pack 3  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2000JB-00KFA0 rev.08.05J08 186,31GB
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pgtdypoc.sys


---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAddBootEntry [0xB3F69AD6]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwAllocateVirtualMemory [0xB41E583C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAssignProcessToJobObject [0xB3F6A5B4]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwClose [0xB3FB06A0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateEvent [0xB3F766B8]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateEventPair [0xB3F76704]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateIoCompletion [0xB3F7689E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateKey [0xB3FB0054]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateMutant [0xB3F76626]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateSection [0xB3F76748]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateSemaphore [0xB3F7666E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateThread [0xB3F6AAEA]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateTimer [0xB3F76858]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDebugActiveProcess [0xB3F6B3A2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteBootEntry [0xB3F69B3C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteKey [0xB3FB0D66]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteValueKey [0xB3FB101C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDuplicateObject [0xB3F6EBF2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwEnumerateKey [0xB3FB0BD1]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwEnumerateValueKey [0xB3FB0A3C]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwFreeVirtualMemory [0xB41E5914]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwLoadDriver [0xB3F69728]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwMapViewOfSection [0xB41E5CF6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwModifyBootEntry [0xB3F69BA2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwNotifyChangeKey [0xB3F6EFE8]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwNotifyChangeMultipleKeys [0xB3F6BEE6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenEvent [0xB3F766E2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenEventPair [0xB3F76726]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenIoCompletion [0xB3F768C2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenKey [0xB3FB03B0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenMutant [0xB3F7664C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenProcess [0xB3F6E4EA]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenSection [0xB3F767D6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenSemaphore [0xB3F76696]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenThread [0xB3F6E8D6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenTimer [0xB3F7687C]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwProtectVirtualMemory [0xB41E5A94]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryKey [0xB3FB08B7]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryObject [0xB3F6BCFE]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryValueKey [0xB3FB0709]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueueApcThread [0xB3F6B854]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwRenameKey [0xB41F3B28]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwReplaceKey [0xB41F44EC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwRestoreKey [0xB3FAF697]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootEntryOrder [0xB3F69C08]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootOptions [0xB3F69C6E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetContextThread [0xB3F6B21C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetSystemInformation [0xB3F697C2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetSystemPowerState [0xB3F69994]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetValueKey [0xB3FB0E6D]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwShutdownSystem [0xB3F69922]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendProcess [0xB3F6B56C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendThread [0xB3F6B6CE]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSystemDebugControl [0xB3F69A1C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwTerminateProcess [0xB3F6B05A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwTerminateThread [0xB3F6B1FC]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwUnloadDriver [0xB41E2AD4]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwVdmControl [0xB3F69CD4]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwWriteVirtualMemory [0xB3F6A610]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2C98  80504534 8 Bytes  [EA, AA, F6, B3, 58, 68, F7, ...]
.text  ntkrnlpa.exe!ZwCallbackReturn + 2D80  8050461C 8 Bytes  [E8, EF, F6, B3, E6, BE, F6, ...]
.text  ntkrnlpa.exe!ZwCallbackReturn + 2DAC  80504648 4 Bytes  [EA, E4, F6, B3]
.text  ntkrnlpa.exe!ZwCallbackReturn + 2DC4  80504660 4 Bytes  [D6, E8, F6, B3]
.text  ntkrnlpa.exe!ZwCallbackReturn + 2F10  805047AC 12 Bytes  [08, 9C, F6, B3, 6E, 9C, F6, ...]
.text  ...
PAGE  ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC  805A64B8 4 Bytes  CALL B3F6C5B7 \SystemRoot\system32\drivers\aswSnx.sys
.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB6FD43A0, 0x8A1A15, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, 18, 25, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, 1B, 25, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, 18, 25, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, 19, 25, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B90FB32
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, 1A, 25, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, 19, 25, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, 1A, 25, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B90FBA3
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, 18, 25, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B90FCD1
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, 19, 25, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, 1A, 25, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, 1B, 25, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes  JMP 006001F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[204]  ntdll.dll!LdrUnloadDll  7C916C9B 5 Bytes  JMP 006003FC
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[1716]  kernel32.dll!SetUnhandledExceptionFilter  7C844935 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1788]  kernel32.dll!SetUnhandledExceptionFilter  7C844935 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, CC, 69, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, CF, 69, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, CC, 69, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, CD, 69, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B913FE6
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, CE, 69, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, CD, 69, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, CE, 69, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B914057
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, CC, 69, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B914185
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, CD, 69, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, CE, 69, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, CF, 69, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes  JMP 009601F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4124]  ntdll.dll!LdrUnloadDll  7C916C9B 5 Bytes  JMP 009603FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4652]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4652]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4652]  ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes  JMP 003C01F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4652]  ntdll.dll!LdrUnloadDll  7C916C9B 5 Bytes  JMP 003C03FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4652]  KERNEL32.dll!WriteFile  7C810E27 5 Bytes  JMP 087152C0 C:\DOCUME~1\Admin\USTAWI~1\Temp\{868964C0-B199-4513-B5B0-9A54359F3214}.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, 20, E3, 00] {SUB [EAX], AH; JECXZ 0x4}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, 23, E3, 00] {SUB [EBX], AH; JECXZ 0x4}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, 20, E3, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, 21, E3, 00] {TEST AL, 0x21; JECXZ 0x4}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B91B93A
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, 22, E3, 00] {TEST AL, 0x22; JECXZ 0x4}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, 21, E3, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, 22, E3, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B91B9AB
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, 20, E3, 00] {TEST AL, 0x20; JECXZ 0x4}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B91BAD9
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, 21, E3, 00] {SUB [ECX], AH; JECXZ 0x4}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, 22, E3, 00] {SUB [EDX], AH; JECXZ 0x4}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, 23, E3, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes  JMP 011101F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4896]  ntdll.dll!LdrUnloadDll  7C916C9B 5 Bytes  JMP 011103FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, B8, F7, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, BB, F7, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, B8, F7, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, B9, F7, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B91CDD2
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, BA, F7, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, B9, F7, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, BA, F7, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B91CE43
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, B8, F7, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B91CF71
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, B9, F7, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, BA, F7, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, BB, F7, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes  JMP 012501F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4904]  ntdll.dll!LdrUnloadDll  7C916C9B 5 Bytes  JMP 012503FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, 24, E6, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, 27, E6, 00] {SUB [EDI], AH; OUT 0x0, AL}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, 24, E6, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, 25, E6, 00] {TEST AL, 0x25; OUT 0x0, AL}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B91BC3E
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, 26, E6, 00] {TEST AL, 0x26; OUT 0x0, AL}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, 25, E6, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, 26, E6, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B91BCAF
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, 24, E6, 00] {TEST AL, 0x24; OUT 0x0, AL}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B91BDDD
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, 25, E6, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, 26, E6, 00] {SUB [ESI], AH; OUT 0x0, AL}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, 27, E6, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes  JMP 011401F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4916]  ntdll.dll!LdrUnloadDll  7C916C9B 5 Bytes  JMP 011403FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, C4, B8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, C7, B8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, C4, B8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, C5, B8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B918EDE
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, C6, B8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, C5, B8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, C6, B8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B918F4F
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, C4, B8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B91907D
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, C5, B8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, C6, B8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, C7, B8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes  JMP 00E601F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4932]  ntdll.dll!LdrUnloadDll  7C916C9B 5 Bytes  JMP 00E603FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  CALL 5F8FD198
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, EB, DF, 00] {SUB BL, CH; FILD WORD [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  CALL 5F8FD688
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  JMP 5F8FD6E8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B91B602
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  JMP E2FF00DF
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  JMP 5F8FD748
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  JMP E2FF00DF
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B91B673
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  CALL 5F8FD7F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B91B7A1
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  JMP 5F8FDD48
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  JMP E2FF00DF
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, EB, DF, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes  JMP 010D01F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5372]  ntdll.dll!LdrUnloadDll  7C916C9B 5 Bytes  JMP 010D03FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, C8, 87, 00] {SUB AL, CL; XCHG [EAX], EAX}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, CB, 87, 00] {SUB BL, CL; XCHG [EAX], EAX}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, C8, 87, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, C9, 87, 00] {TEST AL, 0xc9; XCHG [EAX], EAX}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B915DE2
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, CA, 87, 00] {TEST AL, 0xca; XCHG [EAX], EAX}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, C9, 87, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, CA, 87, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B915E53
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, C8, 87, 00] {TEST AL, 0xc8; XCHG [EAX], EAX}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B915F81
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, C9, 87, 00] {SUB CL, CL; XCHG [EAX], EAX}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, CA, 87, 00] {SUB DL, CL; XCHG [EAX], EAX}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, CB, 87, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5420]  ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes
JMP 00B501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00B503FC ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- Device \Driver\Tcpip \Device\Ip aswStmXP.sys Device \Driver\Tcpip \Device\Tcp aswStmXP.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.sys Device \Driver\Tcpip \Device\Udp aswStmXP.sys Device \Driver\Tcpip \Device\RawIp aswStmXP.sys Device \Driver\Tcpip \Device\IPMULTICAST aswStmXP.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- EOF - GMER 2.1 ----