GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-14 08:25:50 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD252HJ rev.1AC01110 232,89GB Running: s0nr0t0o.exe; Driver: C:\DOCUME~1\Ja\USTAWI~1\Temp\kgpdqpob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xB61D4ACC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xB64F031C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xB61D55AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xB621B620] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xB61E16A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xB61E16EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xB61E1886] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xB621AFD4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xB61E160E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xB61E1730] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xB61E1656] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xB61D5AE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xB61E1840] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xB61D6398] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xB61D4B32] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xB621BCE6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xB621BF9C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xB61D9BEA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xB621BB51] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xB621B9BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xB64F03F4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xB61D471E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xB64F07D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xB61D4B98] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xB61D9FE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xB61D6EDC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xB61E16CA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xB61E170E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xB61E18AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xB621B330] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xB61E1634] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xB61D94E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xB61E17BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xB61E167E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xB61D98CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xB61E1864] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xB64F0574] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xB621B837] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xB61D6CF4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xB621B689] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xB61D684A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xB64FDD2C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xB64FE698] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xB621A617] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xB61D4BFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xB61D4C64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xB61D6212] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xB61D47B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xB61D498A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xB621BDED] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xB61D4918] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xB61D6562] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xB61D66C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xB61D4A12] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xB61D6050] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xB61D61F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xB64ED7BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xB61D4CCA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xB61D5606] INT 0x62 ? 8B283BF8 INT 0x63 ? 8B09BBF8 INT 0x82 ? 8B283BF8 INT 0xA4 ? 8B09BBF8 INT 0xB4 ? 8B09BBF8 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D98 80504680 4 Bytes JMP 96B61D9B .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [FE, 4B, 1D, B6, 64, 4C, 1D, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [62, 65, 1D, B6, C4, 66, 1D, ...] ? spvb.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8E37360, 0x37388D, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB5539300, 0x3AE88, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA380300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 34, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 37, 7C, 00] {SUB [EDI], DH; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 34, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 35, 7C, 00] {TEST AL, 0x35; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91524E .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 36, 7C, 00] {TEST AL, 0x36; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 35, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 36, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9152BF .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 34, 7C, 00] {TEST AL, 0x34; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9153ED .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 35, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 36, 7C, 00] {SUB [ESI], DH; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 37, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00AA01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00AA03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtCreateFile + 6 7C90D0B4 2 Bytes [28, B8] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtCreateFile + 9 7C90D0B7 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtCreateFile + 9 7C90D0B7 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtMapViewOfSection + 6 7C90D524 2 Bytes [28, BB] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtMapViewOfSection + 9 7C90D527 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtMapViewOfSection + 9 7C90D527 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenFile + 6 7C90D5A4 2 Bytes [68, B8] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenFile + 9 7C90D5A7 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenFile + 9 7C90D5A7 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcess + 6 7C90D604 2 Bytes [A8, B9] {TEST AL, 0xb9} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcess + 9 7C90D607 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcess + 9 7C90D607 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessToken + 6 7C90D614 2 Bytes CALL 7B91D4D2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessToken + 9 7C90D617 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessToken + 9 7C90D617 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 2 Bytes [A8, BA] {TEST AL, 0xba} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessTokenEx + 9 7C90D627 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessTokenEx + 9 7C90D627 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThread + 6 7C90D664 2 Bytes [68, B9] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThread + 9 7C90D667 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThread + 9 7C90D667 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadToken + 6 7C90D674 2 Bytes [68, BA] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadToken + 9 7C90D677 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadToken + 9 7C90D677 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 2 Bytes CALL 7B91D543 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadTokenEx + 9 7C90D687 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadTokenEx + 9 7C90D687 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 2 Bytes [A8, B8] {TEST AL, 0xb8} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryAttributesFile + 9 7C90D717 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryAttributesFile + 9 7C90D717 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 2 Bytes CALL 7B91D671 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryFullAttributesFile + 9 7C90D7B7 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryFullAttributesFile + 9 7C90D7B7 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationFile + 6 7C90DC64 2 Bytes [28, B9] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationFile + 9 7C90DC67 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationFile + 9 7C90DC67 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 2 Bytes [28, BA] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationThread + 9 7C90DCB7 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationThread + 9 7C90DCB7 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 2 Bytes [68, BB] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtUnmapViewOfSection + 9 7C90DF17 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtUnmapViewOfSection + 9 7C90DF17 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 012C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 10, 74, 00] {SUB [EAX], DL; JZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 13, 74, 00] {SUB [EBX], DL; JZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 10, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 11, 74, 00] {TEST AL, 0x11; JZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B914A2A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 12, 74, 00] {TEST AL, 0x12; JZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 11, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 12, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B914A9B .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 10, 74, 00] {TEST AL, 0x10; JZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B914BC9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 11, 74, 00] {SUB [ECX], DL; JZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 12, 74, 00] {SUB [EDX], DL; JZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 13, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 84, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 87, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 84, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 85, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED9E .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 86, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 85, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 86, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EE0F .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 84, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EF3D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 85, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 86, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 87, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 005203FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1856] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 0C, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0F, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 0C, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 0D, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B911426 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0E, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 0D, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0E, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B911497 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 0C, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9115C5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 0D, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0E, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0F, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 40, A3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 43, A3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 40, A3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 41, A3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91795A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 42, A3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 41, A3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 42, A3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9179CB .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 40, A3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917AF9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 41, A3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 42, A3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 43, A3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00D103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 7C, 21, 00] {SUB [ECX+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 7F, 21, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 7C, 21, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 7D, 21, 00] {TEST AL, 0x7d; AND [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F796 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 7E, 21, 00] {TEST AL, 0x7e; AND [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 7D, 21, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 7E, 21, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F807 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 7C, 21, 00] {TEST AL, 0x7c; AND [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F935 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 7D, 21, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 7E, 21, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 7F, 21, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 005C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 4C, D7, 00] {SUB [EDI+EDX*8+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4F, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 4C, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 4D, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91AD66 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4E, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 4D, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4E, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91ADD7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 4C, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AF05 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 4D, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4E, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4F, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 010503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[832] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[832] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8B2101F8 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys Device \Driver\usbuhci \Device\USBPDO-0 8B0981F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{6F95C182-4630-4158-8322-2717EB88B2F6} 8A6CD500 Device \Driver\usbuhci \Device\USBPDO-1 8B0981F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B2121F8 Device \Driver\dmio \Device\DmControl\DmConfig 8B2121F8 Device \Driver\dmio \Device\DmControl\DmPnP 8B2121F8 Device \Driver\dmio \Device\DmControl\DmInfo 8B2121F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{96B58E71-3D75-4E7F-9229-5EE99F79BF48} 8A6CD500 Device \Driver\usbuhci \Device\USBPDO-2 8B0981F8 Device \Driver\usbuhci \Device\USBPDO-3 8B0981F8 Device \Driver\usbehci \Device\USBPDO-4 8AFC11F8 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 8B2841F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8B2841F8 Device \Driver\Cdrom \Device\CdRom0 8AF731F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\usbstor \Device\00000080 8B17C500 Device \Driver\usbstor \Device\00000081 8B17C500 Device \Driver\usbstor \Device\00000082 8B17C500 Device \Driver\usbstor \Device\00000083 8B17C500 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A6CD500 Device \Driver\usbstor \Device\00000084 8B17C500 Device \Driver\NetBT \Device\NetbiosSmb 8A6CD500 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys Device \Driver\usbuhci \Device\USBFDO-0 8B0981F8 Device \Driver\usbstor \Device\0000007a 8B17C500 Device \Driver\usbuhci \Device\USBFDO-1 8B0981F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A6A41F8 Device \Driver\usbstor \Device\0000007b 8B17C500 Device \Driver\usbuhci \Device\USBFDO-2 8B0981F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A6A41F8 Device \Driver\usbuhci \Device\USBFDO-3 8B0981F8 Device \Driver\usbehci \Device\USBFDO-4 8AFC11F8 Device \Driver\Ftdisk \Device\FtControl 8B2841F8 Device \FileSystem\Cdfs \Cdfs 8A6C4500 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spvb.sys >>UNKNOWN [0x8b232938]<< 8b232938 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b151ab8] 8b151ab8 Trace 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8b1b83b8] 8b1b83b8 Trace 5 ACPI.sys[b9e73620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b1c4940] 8b1c4940 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 14455 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0xD3 0xF5 0xE4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x33 0x56 0x4B 0xC6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x02 0xAA 0xC6 0x35 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6F95C182-4630-4158-8322-2717EB88B2F6}@LeaseObtainedTime 1447456778 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6F95C182-4630-4158-8322-2717EB88B2F6}@T1 1447458578 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6F95C182-4630-4158-8322-2717EB88B2F6}@T2 1447459928 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6F95C182-4630-4158-8322-2717EB88B2F6}@LeaseTerminatesTime 1447460378 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96B58E71-3D75-4E7F-9229-5EE99F79BF48}@LeaseObtainedTime 1447456772 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96B58E71-3D75-4E7F-9229-5EE99F79BF48}@T1 1447458572 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96B58E71-3D75-4E7F-9229-5EE99F79BF48}@T2 1447459922 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96B58E71-3D75-4E7F-9229-5EE99F79BF48}@LeaseTerminatesTime 1447460372 Reg HKLM\SYSTEM\CurrentControlSet\Services\{6F95C182-4630-4158-8322-2717EB88B2F6}\Parameters\Tcpip@LeaseObtainedTime 1447456778 Reg HKLM\SYSTEM\CurrentControlSet\Services\{6F95C182-4630-4158-8322-2717EB88B2F6}\Parameters\Tcpip@T1 1447458578 Reg HKLM\SYSTEM\CurrentControlSet\Services\{6F95C182-4630-4158-8322-2717EB88B2F6}\Parameters\Tcpip@T2 1447459928 Reg HKLM\SYSTEM\CurrentControlSet\Services\{6F95C182-4630-4158-8322-2717EB88B2F6}\Parameters\Tcpip@LeaseTerminatesTime 1447460378 Reg HKLM\SYSTEM\CurrentControlSet\Services\{96B58E71-3D75-4E7F-9229-5EE99F79BF48}\Parameters\Tcpip@LeaseObtainedTime 1447456772 Reg HKLM\SYSTEM\CurrentControlSet\Services\{96B58E71-3D75-4E7F-9229-5EE99F79BF48}\Parameters\Tcpip@T1 1447458572 Reg HKLM\SYSTEM\CurrentControlSet\Services\{96B58E71-3D75-4E7F-9229-5EE99F79BF48}\Parameters\Tcpip@T2 1447459922 Reg HKLM\SYSTEM\CurrentControlSet\Services\{96B58E71-3D75-4E7F-9229-5EE99F79BF48}\Parameters\Tcpip@LeaseTerminatesTime 1447460372 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0xD3 0xF5 0xE4 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x33 0x56 0x4B 0xC6 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x02 0xAA 0xC6 0x35 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0xD3 0xF5 0xE4 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x33 0x56 0x4B 0xC6 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x02 0xAA 0xC6 0x35 ... ---- EOF - GMER 2.1 ----