GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-08 01:22:04 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 WDC_WD5000AADS-00S9B0 rev.01.00A01 465,76GB Running: jhnmqgsg.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwddakob.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 82E7E339 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB7D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2820] ntdll.dll!LdrLoadDll 779C22B8 5 Bytes JMP 6920A8A8 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2820] USER32.dll!RegisterMessagePumpHook + 2F1 77AC8B9E 7 Bytes JMP 6500AC59 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2820] USER32.dll!IsDialogMessageW + 340 77AD4444 7 Bytes JMP 6500AD2E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2820] USER32.dll!GetWindowInfo 77AD4B5E 5 Bytes JMP 6500CDA9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2820] USER32.dll!ToUnicodeEx + 71 77AE2223 7 Bytes JMP 6500B5C8 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3492] ntdll.dll!NtCreateFile 779A55C8 5 Bytes JMP 642EB983 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3492] ntdll.dll!NtFlushBuffersFile 779A5958 5 Bytes JMP 642EB6C3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3492] ntdll.dll!NtQueryFullAttributesFile 779A5FE8 5 Bytes JMP 642EB7F8 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3492] ntdll.dll!NtReadFile 779A62B8 5 Bytes JMP 642EB6FD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3492] ntdll.dll!NtReadFileScatter 779A62C8 5 Bytes JMP 64672E91 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3492] ntdll.dll!NtWriteFile 779A6A68 5 Bytes JMP 642EBB27 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3492] ntdll.dll!NtWriteFileGather 779A6A78 5 Bytes JMP 64672EE1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3492] ntdll.dll!LdrLoadDll 779C22B8 5 Bytes JMP 6920A8A8 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3492] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 77588996 7 Bytes JMP 6465B5A5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3492] kernel32.dll!GetEnvironmentStringsA + 11 77592FB1 7 Bytes JMP 6465BFAC C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3492] kernel32.dll!BaseThreadInitThunk + C9 77593CFC 7 Bytes JMP 643BAFF1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3492] USER32.dll!GetWindowInfo 77AD4B5E 5 Bytes JMP 6513AE81 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3492] GDI32.dll!GetViewportOrgEx + 26C 7674884B 7 Bytes JMP 6465AF5D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtCreateFile + 6 779A55CE 4 Bytes [28, E0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtCreateFile + B 779A55D3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtCreateKey + 6 779A560E 4 Bytes [68, E1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtCreateKey + B 779A5613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtCreateMutant + 6 779A564E 4 Bytes [68, E2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtCreateMutant + B 779A5653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtCreateSection + 6 779A56EE 4 Bytes [A8, E2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtCreateSection + B 779A56F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtMapViewOfSection + 6 779A5C2E 4 Bytes CALL 769A6417 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtMapViewOfSection + B 779A5C33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenFile + 6 779A5CDE 4 Bytes [68, E0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenFile + B 779A5CE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenKey + 6 779A5D0E 4 Bytes [A8, E1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenKey + B 779A5D13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenKeyEx + 6 779A5D1E 4 Bytes CALL 769A6504 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenKeyEx + B 779A5D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenMutant + 6 779A5D5E 4 Bytes [28, E2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenMutant + B 779A5D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenProcess + 6 779A5D8E 4 Bytes [68, E3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenProcess + B 779A5D93 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenProcessToken + 6 779A5D9E 4 Bytes [A8, E3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenProcessToken + B 779A5DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenProcessTokenEx + 6 779A5DAE 4 Bytes [68, E4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenProcessTokenEx + B 779A5DB3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenSection + 6 779A5DCE 4 Bytes CALL 769A65B5 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenSection + B 779A5DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenThread + 6 779A5E0E 4 Bytes [28, E3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenThread + B 779A5E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenThreadToken + 6 779A5E1E 4 Bytes [28, E4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenThreadToken + B 779A5E23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenThreadTokenEx + 6 779A5E2E 4 Bytes [A8, E4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtOpenThreadTokenEx + B 779A5E33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtQueryAttributesFile + 6 779A5F3E 4 Bytes [A8, E0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtQueryAttributesFile + B 779A5F43 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtQueryFullAttributesFile + 6 779A5FEE 4 Bytes CALL 769A67D3 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtQueryFullAttributesFile + B 779A5FF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtSetInformationFile + 6 779A663E 4 Bytes [28, E1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtSetInformationFile + B 779A6643 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtSetInformationThread + 6 779A669E 4 Bytes CALL 769A6E86 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtSetInformationThread + B 779A66A3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtUnmapViewOfSection + 6 779A69BE 4 Bytes [28, E5, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ntdll.dll!NtUnmapViewOfSection + B 779A69C3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] kernel32.dll!CreateProcessW 7754204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] kernel32.dll!CreateProcessA 77542082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!DeleteObject 76745F14 5 Bytes JMP 001701B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!SelectObject 76746640 5 Bytes JMP 001705F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!SetTextColor 76746906 5 Bytes JMP 00170A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!SetBkMode 767469B1 5 Bytes JMP 001708F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!DeleteDC 76746EAA 5 Bytes JMP 00170170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!GetDeviceCaps 76746F7F 5 Bytes JMP 001703B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!ExtSelectClipRgn 76747114 5 Bytes JMP 001702F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!SelectClipRgn 76747242 5 Bytes JMP 001705B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!SetStretchBltMode 76747705 5 Bytes JMP 001706B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!GetCurrentObject 76747917 5 Bytes JMP 00170370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!GetTextMetricsW 76747B8F 5 Bytes JMP 00170E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!GetTextAlign 76747DAF 5 Bytes JMP 00170D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!IntersectClipRect 76747DFE 5 Bytes JMP 001703F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!ExtTextOutW 76748192 5 Bytes JMP 00170970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!SetTextAlign 7674828E 5 Bytes JMP 001709F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!GetClipBox 76748525 5 Bytes JMP 00170330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!MoveToEx 76748C21 5 Bytes JMP 00170470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!StretchDIBits 7674A53E 5 Bytes JMP 00170770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!RestoreDC 7674A67B 5 Bytes JMP 00170530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!SaveDC 7674A74B 5 Bytes JMP 00170570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!GetTextExtentPoint32W 7674B4B5 5 Bytes JMP 00170670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!GetTextFaceW 7674B73A 2 Bytes JMP 00170D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!GetTextFaceW + 3 7674B73D 2 Bytes [A2, 89] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!GetFontData 7674BCC4 5 Bytes JMP 00170C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!SetWorldTransform 7674C90A 5 Bytes JMP 001706F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!CreateDCA 7674CCA9 5 Bytes JMP 001700B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!CreateDCW 7674CF79 5 Bytes JMP 001700F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!CreateICW 7674CFD0 5 Bytes JMP 00170130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!GetTextMetricsA 7674D0F2 5 Bytes JMP 00170DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!Rectangle 7674F1FF 5 Bytes JMP 001709B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!LineTo 7674F59B 5 Bytes JMP 00170430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!SetICMMode 7674FAA4 5 Bytes JMP 00170DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!ExtTextOutA 767503F9 5 Bytes JMP 00170930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!GetTextExtentPoint32A 767507B0 5 Bytes JMP 00170630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!ExtEscape 76752949 5 Bytes JMP 001702B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!Escape 76753939 5 Bytes JMP 00170270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!GetTextFaceA 76753E6A 5 Bytes JMP 00170CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!SetPolyFillMode 7675D851 5 Bytes JMP 00170B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!SetMiterLimit 7675DA0D 5 Bytes JMP 00170B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!EndPage 767600D7 5 Bytes JMP 00170230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!ResetDCW 7676050D 5 Bytes JMP 00170AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!GetGlyphOutlineW 7676C1BA 5 Bytes JMP 00170CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!CreateScalableFontResourceW 7676E817 5 Bytes JMP 00170BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!AddFontResourceW 7676EC13 5 Bytes JMP 00170BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!RemoveFontResourceW 7676F109 5 Bytes JMP 00170C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!AbortDoc 76774C63 5 Bytes JMP 00170030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!EndDoc 767750AA 5 Bytes JMP 001701F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!StartPage 76775195 5 Bytes JMP 00170730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!StartDocW 76775BB0 5 Bytes JMP 001707F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!BeginPath 7677635D 5 Bytes JMP 00170830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!SelectClipPath 767763B4 5 Bytes JMP 00170AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!CloseFigure 7677640F 5 Bytes JMP 00170070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!EndPath 76776466 5 Bytes JMP 00170A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!StrokePath 76776699 5 Bytes JMP 001707B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!FillPath 76776726 5 Bytes JMP 00170870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!PolylineTo 76776B94 5 Bytes JMP 001704F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!PolyBezierTo 76776C25 5 Bytes JMP 001704B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] GDI32.dll!PolyDraw 76776CD7 5 Bytes JMP 001708B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!ActivateKeyboardLayout 77AC8203 5 Bytes JMP 001804F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!ScreenToClient 77ACA506 7 Bytes JMP 00180670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!RegisterClipboardFormatA 77ACC091 5 Bytes JMP 001802F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!RegisterClipboardFormatW 77ACDF8D 5 Bytes JMP 001802B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!SetCursor 77AD3075 5 Bytes JMP 00180530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!MonitorFromWindow 77AD3622 7 Bytes JMP 00180630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!PostMessageW 77AD447B 5 Bytes JMP 001805F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!IsWindowVisible 77AD4D69 7 Bytes JMP 001806B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!GetClientRect 77AD54DD 7 Bytes JMP 001805B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!MapWindowPoints 77AD5CAA 5 Bytes JMP 00180570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!GetParent 77AD6029 7 Bytes JMP 001806F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!EmptyClipboard 77AE290C 5 Bytes JMP 00180130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!SetClipboardData 77AE2962 5 Bytes JMP 00180170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!GetClipboardData 77AE2BA7 5 Bytes JMP 00180030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!GetClipboardFormatNameW 77AE5FD2 5 Bytes JMP 00180230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!SetClipboardViewer 77AE6FF6 5 Bytes JMP 001804B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!GetClipboardFormatNameA 77AE700A 5 Bytes JMP 00180270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!ChangeClipboardChain 77AF147C 5 Bytes JMP 00180430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!GetTopWindow 77AF24D9 7 Bytes JMP 00180730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!CloseClipboard 77AF446C 5 Bytes JMP 001800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!OpenClipboard 77AF447E 5 Bytes JMP 00180070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!IsClipboardFormatAvailable 77AF44FF 5 Bytes JMP 001800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!GetClipboardSequenceNumber 77AF4513 5 Bytes JMP 00180330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!GetClipboardOwner 77AF4525 5 Bytes JMP 00180370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!CountClipboardFormats 77AF470A 5 Bytes JMP 001801F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!EnumClipboardFormats 77AF47EC 5 Bytes JMP 001801B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!GetOpenClipboardWindow 77AF480B 5 Bytes JMP 001803F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!SetCursorPos 77B0C1B0 5 Bytes JMP 00180770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!GetClipboardViewer 77B24AF7 5 Bytes JMP 00180470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] USER32.dll!GetPriorityClipboardFormat 77B24BF9 5 Bytes JMP 001803B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ole32.dll!OleSetClipboard 76480045 5 Bytes JMP 00190030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ole32.dll!OleIsCurrentClipboard 764836B2 5 Bytes JMP 00190070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe[3828] ole32.dll!OleGetClipboard 764AFDCD 5 Bytes JMP 001900B0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtMapViewOfSection + 6 779A5C2E 4 Bytes [18, 20, 71, 5D] {SBB [EAX], AH; JNO 0x61} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtMapViewOfSection + B 779A5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtCreateFile + 6 779A55CE 4 Bytes [28, DC, 87, 00] {SUB AH, BL; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtCreateFile + B 779A55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtMapViewOfSection + 6 779A5C2E 4 Bytes [28, DF, 87, 00] {SUB BH, BL; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtMapViewOfSection + B 779A5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtOpenFile + 6 779A5CDE 4 Bytes [68, DC, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtOpenFile + B 779A5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtOpenProcess + 6 779A5D8E 4 Bytes [A8, DD, 87, 00] {TEST AL, 0xdd; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtOpenProcess + B 779A5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtOpenProcessToken + 6 779A5D9E 4 Bytes CALL 769AE580 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtOpenProcessToken + B 779A5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtOpenProcessTokenEx + 6 779A5DAE 4 Bytes [A8, DE, 87, 00] {TEST AL, 0xde; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtOpenProcessTokenEx + B 779A5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtOpenThread + 6 779A5E0E 4 Bytes [68, DD, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtOpenThread + B 779A5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtOpenThreadToken + 6 779A5E1E 4 Bytes [68, DE, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtOpenThreadToken + B 779A5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtOpenThreadTokenEx + 6 779A5E2E 4 Bytes CALL 769AE611 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtOpenThreadTokenEx + B 779A5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtQueryAttributesFile + 6 779A5F3E 4 Bytes [A8, DC, 87, 00] {TEST AL, 0xdc; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtQueryAttributesFile + B 779A5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtQueryFullAttributesFile + 6 779A5FEE 4 Bytes CALL 769AE7CF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtQueryFullAttributesFile + B 779A5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtSetInformationFile + 6 779A663E 4 Bytes [28, DD, 87, 00] {SUB CH, BL; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtSetInformationFile + B 779A6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtSetInformationThread + 6 779A669E 4 Bytes [28, DE, 87, 00] {SUB DH, BL; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtSetInformationThread + B 779A66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtUnmapViewOfSection + 6 779A69BE 4 Bytes [68, DF, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4520] ntdll.dll!NtUnmapViewOfSection + B 779A69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtCreateFile + 6 779A55CE 4 Bytes [28, 64, 6E, 00] {SUB [ESI+EBP*2+0x0], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtCreateFile + B 779A55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtMapViewOfSection + 6 779A5C2E 4 Bytes [28, 67, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtMapViewOfSection + B 779A5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenFile + 6 779A5CDE 4 Bytes [68, 64, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenFile + B 779A5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcess + 6 779A5D8E 4 Bytes [A8, 65, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcess + B 779A5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessToken + 6 779A5D9E 4 Bytes CALL 769ACC08 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessToken + B 779A5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessTokenEx + 6 779A5DAE 4 Bytes [A8, 66, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessTokenEx + B 779A5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThread + 6 779A5E0E 4 Bytes [68, 65, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThread + B 779A5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadToken + 6 779A5E1E 4 Bytes [68, 66, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadToken + B 779A5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadTokenEx + 6 779A5E2E 4 Bytes CALL 769ACC99 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadTokenEx + B 779A5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryAttributesFile + 6 779A5F3E 4 Bytes [A8, 64, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryAttributesFile + B 779A5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryFullAttributesFile + 6 779A5FEE 4 Bytes CALL 769ACE57 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryFullAttributesFile + B 779A5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationFile + 6 779A663E 4 Bytes [28, 65, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationFile + B 779A6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationThread + 6 779A669E 4 Bytes [28, 66, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationThread + B 779A66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtUnmapViewOfSection + 6 779A69BE 4 Bytes [68, 67, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtUnmapViewOfSection + B 779A69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtCreateFile + 6 779A55CE 4 Bytes [28, 60, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtCreateFile + B 779A55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtMapViewOfSection + 6 779A5C2E 4 Bytes [28, 63, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtMapViewOfSection + B 779A5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenFile + 6 779A5CDE 4 Bytes [68, 60, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenFile + B 779A5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcess + 6 779A5D8E 4 Bytes [A8, 61, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcess + B 779A5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcessToken + 6 779A5D9E 4 Bytes CALL 769AF304 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcessToken + B 779A5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcessTokenEx + 6 779A5DAE 4 Bytes [A8, 62, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcessTokenEx + B 779A5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThread + 6 779A5E0E 4 Bytes [68, 61, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThread + B 779A5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThreadToken + 6 779A5E1E 4 Bytes [68, 62, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThreadToken + B 779A5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThreadTokenEx + 6 779A5E2E 4 Bytes CALL 769AF395 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThreadTokenEx + B 779A5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtQueryAttributesFile + 6 779A5F3E 4 Bytes [A8, 60, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtQueryAttributesFile + B 779A5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtQueryFullAttributesFile + 6 779A5FEE 4 Bytes CALL 769AF553 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtQueryFullAttributesFile + B 779A5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationFile + 6 779A663E 4 Bytes [28, 61, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationFile + B 779A6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationThread + 6 779A669E 4 Bytes [28, 62, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationThread + B 779A66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtUnmapViewOfSection + 6 779A69BE 4 Bytes [68, 63, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtUnmapViewOfSection + B 779A69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtCreateFile + 6 779A55CE 4 Bytes [28, 38, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtCreateFile + B 779A55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtMapViewOfSection + 6 779A5C2E 4 Bytes [28, 3B, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtMapViewOfSection + B 779A5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenFile + 6 779A5CDE 4 Bytes [68, 38, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenFile + B 779A5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcess + 6 779A5D8E 4 Bytes [A8, 39, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcess + B 779A5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcessToken + 6 779A5D9E 4 Bytes CALL 769AC4DC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcessToken + B 779A5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcessTokenEx + 6 779A5DAE 4 Bytes [A8, 3A, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcessTokenEx + B 779A5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThread + 6 779A5E0E 4 Bytes [68, 39, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThread + B 779A5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThreadToken + 6 779A5E1E 4 Bytes [68, 3A, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThreadToken + B 779A5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThreadTokenEx + 6 779A5E2E 4 Bytes CALL 769AC56D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThreadTokenEx + B 779A5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtQueryAttributesFile + 6 779A5F3E 4 Bytes [A8, 38, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtQueryAttributesFile + B 779A5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtQueryFullAttributesFile + 6 779A5FEE 4 Bytes CALL 769AC72B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtQueryFullAttributesFile + B 779A5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtSetInformationFile + 6 779A663E 4 Bytes [28, 39, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtSetInformationFile + B 779A6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtSetInformationThread + 6 779A669E 4 Bytes [28, 3A, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtSetInformationThread + B 779A66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtUnmapViewOfSection + 6 779A69BE 4 Bytes [68, 3B, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtUnmapViewOfSection + B 779A69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtCreateFile + 6 779A55CE 4 Bytes [28, 90, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtCreateFile + B 779A55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtMapViewOfSection + 6 779A5C2E 4 Bytes [28, 93, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtMapViewOfSection + B 779A5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenFile + 6 779A5CDE 4 Bytes [68, 90, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenFile + B 779A5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcess + 6 779A5D8E 4 Bytes [A8, 91, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcess + B 779A5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcessToken + 6 779A5D9E 4 Bytes CALL 769A7534 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcessToken + B 779A5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcessTokenEx + 6 779A5DAE 4 Bytes [A8, 92, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcessTokenEx + B 779A5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThread + 6 779A5E0E 4 Bytes [68, 91, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThread + B 779A5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThreadToken + 6 779A5E1E 4 Bytes [68, 92, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThreadToken + B 779A5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThreadTokenEx + 6 779A5E2E 4 Bytes CALL 769A75C5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThreadTokenEx + B 779A5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtQueryAttributesFile + 6 779A5F3E 4 Bytes [A8, 90, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtQueryAttributesFile + B 779A5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtQueryFullAttributesFile + 6 779A5FEE 4 Bytes CALL 769A7783 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtQueryFullAttributesFile + B 779A5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationFile + 6 779A663E 4 Bytes [28, 91, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationFile + B 779A6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationThread + 6 779A669E 4 Bytes [28, 92, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationThread + B 779A66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtUnmapViewOfSection + 6 779A69BE 4 Bytes [68, 93, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtUnmapViewOfSection + B 779A69C3 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74582437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74565600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745656BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745824B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74578514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74574CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7457506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74575144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74576671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7457826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745787BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7457901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7457E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74574BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x27 0x7F 0xBD 0xF8 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC7 0x5A 0x30 0x30 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0x2C 0x07 0x5C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x41 0x99 0xF2 0x93 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x27 0x7F 0xBD 0xF8 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC7 0x5A 0x30 0x30 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0x2C 0x07 0x5C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x41 0x99 0xF2 0x93 ... ---- EOF - GMER 2.1 ----