GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-10-04 21:58:48 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHW2100BH rev.8918 93,16GB Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldipow.sys ---- System - GMER 2.2 ---- INT 0x51 ? 9EEB07D8 INT 0x52 ? 98957558 INT 0x61 ? 9EEB0A58 INT 0x62 ? 989577D8 INT 0x72 ? 98957A58 INT 0x82 ? 9D475058 INT 0xA0 ? 9D475CD8 INT 0xA1 ? 9EEB0CD8 INT 0xA2 ? 9EE53A58 INT 0xA3 ? 9D4757D8 INT 0xA8 ? 9D452058 INT 0xA9 ? 9D4522D8 INT 0xAA ? 9D452558 INT 0xAB ? 9D4527D8 INT 0xAC ? 9D452A58 INT 0xAD ? 9D452CD8 INT 0xAE ? 98957058 INT 0xAF ? 989572D8 INT 0xB0 ? 9EEB02D8 INT 0xB1 ? 98957CD8 INT 0xB3 ? 9D475558 ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwRenameKey + 1549 82C4FEC5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8A272 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? System32\Drivers\spoh.sys System nie może odnaleźć określonej ścieżki. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9AA0C000, 0x1E7580, 0xE8000020] ? \DAEMON Tools Lite\Engine.dll System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtCreateFile + 6 77C85136 4 Bytes [28, 8C, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtCreateFile + B 77C8513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtMapViewOfSection + 6 77C85796 4 Bytes [28, 8F, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtMapViewOfSection + B 77C8579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenFile + 6 77C85846 4 Bytes [68, 8C, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenFile + B 77C8584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenProcess + 6 77C858F6 4 Bytes [A8, 8D, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenProcess + B 77C858FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenProcessToken + 6 77C85906 4 Bytes CALL 76C8BA98 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenProcessToken + B 77C8590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenProcessTokenEx + 6 77C85916 4 Bytes [A8, 8E, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenProcessTokenEx + B 77C8591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenThread + 6 77C85976 4 Bytes [68, 8D, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenThread + B 77C8597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenThreadToken + 6 77C85986 4 Bytes [68, 8E, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenThreadToken + B 77C8598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenThreadTokenEx + 6 77C85996 4 Bytes CALL 76C8BB29 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenThreadTokenEx + B 77C8599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtQueryAttributesFile + 6 77C85AA6 4 Bytes [A8, 8C, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtQueryAttributesFile + B 77C85AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtQueryFullAttributesFile + 6 77C85B56 4 Bytes CALL 76C8BCE7 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtQueryFullAttributesFile + B 77C85B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtSetInformationFile + 6 77C861A6 4 Bytes [28, 8D, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtSetInformationFile + B 77C861AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtSetInformationThread + 6 77C86206 4 Bytes [28, 8E, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtSetInformationThread + B 77C8620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtUnmapViewOfSection + 6 77C86526 4 Bytes [68, 8F, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtUnmapViewOfSection + B 77C8652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtCreateFile + 6 77C85136 4 Bytes [28, 94, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtCreateFile + B 77C8513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtMapViewOfSection + 6 77C85796 4 Bytes [28, 97, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtMapViewOfSection + B 77C8579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenFile + 6 77C85846 4 Bytes [68, 94, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenFile + B 77C8584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenProcess + 6 77C858F6 4 Bytes [A8, 95, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenProcess + B 77C858FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenProcessToken + 6 77C85906 4 Bytes CALL 76C8EAA0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenProcessToken + B 77C8590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenProcessTokenEx + 6 77C85916 4 Bytes [A8, 96, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenProcessTokenEx + B 77C8591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenThread + 6 77C85976 4 Bytes [68, 95, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenThread + B 77C8597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenThreadToken + 6 77C85986 4 Bytes [68, 96, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenThreadToken + B 77C8598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenThreadTokenEx + 6 77C85996 4 Bytes CALL 76C8EB31 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenThreadTokenEx + B 77C8599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtQueryAttributesFile + 6 77C85AA6 4 Bytes [A8, 94, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtQueryAttributesFile + B 77C85AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtQueryFullAttributesFile + 6 77C85B56 4 Bytes CALL 76C8ECEF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtQueryFullAttributesFile + B 77C85B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtSetInformationFile + 6 77C861A6 4 Bytes [28, 95, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtSetInformationFile + B 77C861AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtSetInformationThread + 6 77C86206 4 Bytes [28, 96, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtSetInformationThread + B 77C8620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtUnmapViewOfSection + 6 77C86526 4 Bytes [68, 97, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtUnmapViewOfSection + B 77C8652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtCreateFile + 6 77C85136 4 Bytes [28, B0, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtCreateFile + B 77C8513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtMapViewOfSection + 6 77C85796 4 Bytes [28, B3, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtMapViewOfSection + B 77C8579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtOpenFile + 6 77C85846 4 Bytes [68, B0, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtOpenFile + B 77C8584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtOpenProcess + 6 77C858F6 4 Bytes [A8, B1, 84, 00] {TEST AL, 0xb1; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtOpenProcess + B 77C858FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtOpenProcessToken + 6 77C85906 4 Bytes CALL 76C8DDBC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtOpenProcessToken + B 77C8590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtOpenProcessTokenEx + 6 77C85916 4 Bytes [A8, B2, 84, 00] {TEST AL, 0xb2; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtOpenProcessTokenEx + B 77C8591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtOpenThread + 6 77C85976 4 Bytes [68, B1, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtOpenThread + B 77C8597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtOpenThreadToken + 6 77C85986 4 Bytes [68, B2, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtOpenThreadToken + B 77C8598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtOpenThreadTokenEx + 6 77C85996 4 Bytes CALL 76C8DE4D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtOpenThreadTokenEx + B 77C8599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtQueryAttributesFile + 6 77C85AA6 4 Bytes [A8, B0, 84, 00] {TEST AL, 0xb0; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtQueryAttributesFile + B 77C85AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtQueryFullAttributesFile + 6 77C85B56 4 Bytes CALL 76C8E00B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtQueryFullAttributesFile + B 77C85B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtSetInformationFile + 6 77C861A6 4 Bytes [28, B1, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtSetInformationFile + B 77C861AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtSetInformationThread + 6 77C86206 4 Bytes [28, B2, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtSetInformationThread + B 77C8620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtUnmapViewOfSection + 6 77C86526 4 Bytes [68, B3, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3980] ntdll.dll!NtUnmapViewOfSection + B 77C8652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + 6 77C85136 4 Bytes [28, 7C, 2C, 00] {SUB [ESP+EBP+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + B 77C8513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + 6 77C85796 4 Bytes [28, 7F, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + B 77C8579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + 6 77C85846 4 Bytes [68, 7C, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + B 77C8584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + 6 77C858F6 4 Bytes [A8, 7D, 2C, 00] {TEST AL, 0x7d; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + B 77C858FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + 6 77C85906 4 Bytes CALL 76C88588 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + B 77C8590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + 6 77C85916 4 Bytes [A8, 7E, 2C, 00] {TEST AL, 0x7e; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + B 77C8591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + 6 77C85976 4 Bytes [68, 7D, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + B 77C8597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + 6 77C85986 4 Bytes [68, 7E, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + B 77C8598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + 6 77C85996 4 Bytes CALL 76C88619 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + B 77C8599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + 6 77C85AA6 4 Bytes [A8, 7C, 2C, 00] {TEST AL, 0x7c; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + B 77C85AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryFullAttributesFile + 6 77C85B56 4 Bytes CALL 76C887D7 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryFullAttributesFile + B 77C85B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + 6 77C861A6 4 Bytes [28, 7D, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + B 77C861AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + 6 77C86206 4 Bytes [28, 7E, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + B 77C8620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + 6 77C86526 4 Bytes [68, 7F, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + B 77C8652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtCreateFile + 6 77C85136 4 Bytes [28, BC, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtCreateFile + B 77C8513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtMapViewOfSection + 6 77C85796 4 Bytes [28, BF, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtMapViewOfSection + B 77C8579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenFile + 6 77C85846 4 Bytes [68, BC, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenFile + B 77C8584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcess + 6 77C858F6 4 Bytes [A8, BD, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcess + B 77C858FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessToken + 6 77C85906 4 Bytes CALL 76C911C8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessToken + B 77C8590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessTokenEx + 6 77C85916 4 Bytes [A8, BE, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessTokenEx + B 77C8591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThread + 6 77C85976 4 Bytes [68, BD, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThread + B 77C8597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadToken + 6 77C85986 4 Bytes [68, BE, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadToken + B 77C8598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadTokenEx + 6 77C85996 4 Bytes CALL 76C91259 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadTokenEx + B 77C8599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryAttributesFile + 6 77C85AA6 4 Bytes [A8, BC, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryAttributesFile + B 77C85AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryFullAttributesFile + 6 77C85B56 4 Bytes CALL 76C91417 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryFullAttributesFile + B 77C85B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationFile + 6 77C861A6 4 Bytes [28, BD, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationFile + B 77C861AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationThread + 6 77C86206 4 Bytes [28, BE, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationThread + B 77C8620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtUnmapViewOfSection + 6 77C86526 4 Bytes [68, BF, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtUnmapViewOfSection + B 77C8652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtMapViewOfSection + 6 77C85796 4 Bytes [18, 40, C6, 5E] {SBB [EAX-0x3a], AL; POP ESI} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtMapViewOfSection + B 77C8579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtCreateFile + 6 77C85136 4 Bytes [28, AC, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtCreateFile + B 77C8513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtMapViewOfSection + 6 77C85796 4 Bytes [28, AF, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtMapViewOfSection + B 77C8579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenFile + 6 77C85846 4 Bytes [68, AC, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenFile + B 77C8584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenProcess + 6 77C858F6 4 Bytes [A8, AD, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenProcess + B 77C858FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenProcessToken + 6 77C85906 4 Bytes CALL 76C922B8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenProcessToken + B 77C8590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenProcessTokenEx + 6 77C85916 4 Bytes [A8, AE, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenProcessTokenEx + B 77C8591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenThread + 6 77C85976 4 Bytes [68, AD, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenThread + B 77C8597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenThreadToken + 6 77C85986 4 Bytes [68, AE, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenThreadToken + B 77C8598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenThreadTokenEx + 6 77C85996 4 Bytes CALL 76C92349 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtOpenThreadTokenEx + B 77C8599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtQueryAttributesFile + 6 77C85AA6 4 Bytes [A8, AC, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtQueryAttributesFile + B 77C85AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtQueryFullAttributesFile + 6 77C85B56 4 Bytes CALL 76C92507 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtQueryFullAttributesFile + B 77C85B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtSetInformationFile + 6 77C861A6 4 Bytes [28, AD, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtSetInformationFile + B 77C861AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtSetInformationThread + 6 77C86206 4 Bytes [28, AE, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtSetInformationThread + B 77C8620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtUnmapViewOfSection + 6 77C86526 4 Bytes [68, AF, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5400] ntdll.dll!NtUnmapViewOfSection + B 77C8652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtCreateFile + 6 77C85136 4 Bytes [28, A8, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtCreateFile + B 77C8513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtMapViewOfSection + 6 77C85796 4 Bytes [28, AB, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtMapViewOfSection + B 77C8579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenFile + 6 77C85846 4 Bytes [68, A8, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenFile + B 77C8584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenProcess + 6 77C858F6 4 Bytes [A8, A9, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenProcess + B 77C858FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenProcessToken + 6 77C85906 4 Bytes CALL 76C8B5B4 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenProcessToken + B 77C8590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenProcessTokenEx + 6 77C85916 4 Bytes [A8, AA, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenProcessTokenEx + B 77C8591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenThread + 6 77C85976 4 Bytes [68, A9, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenThread + B 77C8597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenThreadToken + 6 77C85986 4 Bytes [68, AA, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenThreadToken + B 77C8598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenThreadTokenEx + 6 77C85996 4 Bytes CALL 76C8B645 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenThreadTokenEx + B 77C8599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtQueryAttributesFile + 6 77C85AA6 4 Bytes [A8, A8, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtQueryAttributesFile + B 77C85AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtQueryFullAttributesFile + 6 77C85B56 4 Bytes CALL 76C8B803 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtQueryFullAttributesFile + B 77C85B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtSetInformationFile + 6 77C861A6 4 Bytes [28, A9, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtSetInformationFile + B 77C861AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtSetInformationThread + 6 77C86206 4 Bytes [28, AA, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtSetInformationThread + B 77C8620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtUnmapViewOfSection + 6 77C86526 4 Bytes [68, AB, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtUnmapViewOfSection + B 77C8652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtCreateFile + 6 77C85136 4 Bytes [28, 98, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtCreateFile + B 77C8513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtMapViewOfSection + 6 77C85796 4 Bytes [28, 9B, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtMapViewOfSection + B 77C8579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtOpenFile + 6 77C85846 4 Bytes [68, 98, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtOpenFile + B 77C8584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtOpenProcess + 6 77C858F6 4 Bytes [A8, 99, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtOpenProcess + B 77C858FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtOpenProcessToken + 6 77C85906 4 Bytes CALL 76C8C4A4 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtOpenProcessToken + B 77C8590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtOpenProcessTokenEx + 6 77C85916 4 Bytes [A8, 9A, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtOpenProcessTokenEx + B 77C8591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtOpenThread + 6 77C85976 4 Bytes [68, 99, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtOpenThread + B 77C8597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtOpenThreadToken + 6 77C85986 4 Bytes [68, 9A, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtOpenThreadToken + B 77C8598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtOpenThreadTokenEx + 6 77C85996 4 Bytes CALL 76C8C535 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtOpenThreadTokenEx + B 77C8599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtQueryAttributesFile + 6 77C85AA6 4 Bytes [A8, 98, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtQueryAttributesFile + B 77C85AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtQueryFullAttributesFile + 6 77C85B56 4 Bytes CALL 76C8C6F3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtQueryFullAttributesFile + B 77C85B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtSetInformationFile + 6 77C861A6 4 Bytes [28, 99, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtSetInformationFile + B 77C861AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtSetInformationThread + 6 77C86206 4 Bytes [28, 9A, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtSetInformationThread + B 77C8620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtUnmapViewOfSection + 6 77C86526 4 Bytes [68, 9B, 6B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5432] ntdll.dll!NtUnmapViewOfSection + B 77C8652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtCreateFile + 6 77C85136 4 Bytes [28, 44, 20, 00] {SUB [EAX+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtCreateFile + B 77C8513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtMapViewOfSection + 6 77C85796 4 Bytes [28, 47, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtMapViewOfSection + B 77C8579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenFile + 6 77C85846 4 Bytes [68, 44, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenFile + B 77C8584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcess + 6 77C858F6 4 Bytes [A8, 45, 20, 00] {TEST AL, 0x45; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcess + B 77C858FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessToken + 6 77C85906 4 Bytes CALL 76C87950 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessToken + B 77C8590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessTokenEx + 6 77C85916 4 Bytes [A8, 46, 20, 00] {TEST AL, 0x46; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessTokenEx + B 77C8591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThread + 6 77C85976 4 Bytes [68, 45, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThread + B 77C8597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadToken + 6 77C85986 4 Bytes [68, 46, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadToken + B 77C8598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadTokenEx + 6 77C85996 4 Bytes CALL 76C879E1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadTokenEx + B 77C8599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtQueryAttributesFile + 6 77C85AA6 4 Bytes [A8, 44, 20, 00] {TEST AL, 0x44; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtQueryAttributesFile + B 77C85AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtQueryFullAttributesFile + 6 77C85B56 4 Bytes CALL 76C87B9F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtQueryFullAttributesFile + B 77C85B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationFile + 6 77C861A6 4 Bytes [28, 45, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationFile + B 77C861AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationThread + 6 77C86206 4 Bytes [28, 46, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationThread + B 77C8620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtUnmapViewOfSection + 6 77C86526 4 Bytes [68, 47, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtUnmapViewOfSection + B 77C8652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtCreateFile + 6 77C85136 4 Bytes [28, 90, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtCreateFile + B 77C8513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtMapViewOfSection + 6 77C85796 4 Bytes [28, 93, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtMapViewOfSection + B 77C8579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenFile + 6 77C85846 4 Bytes [68, 90, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenFile + B 77C8584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcess + 6 77C858F6 4 Bytes [A8, 91, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcess + B 77C858FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessToken + 6 77C85906 4 Bytes CALL 76C8A39C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessToken + B 77C8590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessTokenEx + 6 77C85916 4 Bytes [A8, 92, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessTokenEx + B 77C8591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThread + 6 77C85976 4 Bytes [68, 91, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThread + B 77C8597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadToken + 6 77C85986 4 Bytes [68, 92, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadToken + B 77C8598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadTokenEx + 6 77C85996 4 Bytes CALL 76C8A42D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadTokenEx + B 77C8599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryAttributesFile + 6 77C85AA6 4 Bytes [A8, 90, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryAttributesFile + B 77C85AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryFullAttributesFile + 6 77C85B56 4 Bytes CALL 76C8A5EB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryFullAttributesFile + B 77C85B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationFile + 6 77C861A6 4 Bytes [28, 91, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationFile + B 77C861AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationThread + 6 77C86206 4 Bytes [28, 92, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationThread + B 77C8620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtUnmapViewOfSection + 6 77C86526 4 Bytes [68, 93, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtUnmapViewOfSection + B 77C8652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtCreateFile + 6 77C85136 4 Bytes [28, 58, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtCreateFile + B 77C8513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtMapViewOfSection + 6 77C85796 4 Bytes [28, 5B, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtMapViewOfSection + B 77C8579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenFile + 6 77C85846 4 Bytes [68, 58, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenFile + B 77C8584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenProcess + 6 77C858F6 4 Bytes [A8, 59, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenProcess + B 77C858FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenProcessToken + 6 77C85906 4 Bytes CALL 76C8AD64 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenProcessToken + B 77C8590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenProcessTokenEx + 6 77C85916 4 Bytes [A8, 5A, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenProcessTokenEx + B 77C8591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenThread + 6 77C85976 4 Bytes [68, 59, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenThread + B 77C8597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenThreadToken + 6 77C85986 4 Bytes [68, 5A, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenThreadToken + B 77C8598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenThreadTokenEx + 6 77C85996 4 Bytes CALL 76C8ADF5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtOpenThreadTokenEx + B 77C8599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtQueryAttributesFile + 6 77C85AA6 4 Bytes [A8, 58, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtQueryAttributesFile + B 77C85AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtQueryFullAttributesFile + 6 77C85B56 4 Bytes CALL 76C8AFB3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtQueryFullAttributesFile + B 77C85B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtSetInformationFile + 6 77C861A6 4 Bytes [28, 59, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtSetInformationFile + B 77C861AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtSetInformationThread + 6 77C86206 4 Bytes [28, 5A, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtSetInformationThread + B 77C8620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtUnmapViewOfSection + 6 77C86526 4 Bytes [68, 5B, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5456] ntdll.dll!NtUnmapViewOfSection + B 77C8652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtCreateFile + 6 77C85136 4 Bytes [28, EC, 30, 00] {SUB AH, CH; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtCreateFile + B 77C8513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtMapViewOfSection + 6 77C85796 4 Bytes [28, EF, 30, 00] {SUB BH, CH; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtMapViewOfSection + B 77C8579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtOpenFile + 6 77C85846 4 Bytes [68, EC, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtOpenFile + B 77C8584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtOpenProcess + 6 77C858F6 4 Bytes [A8, ED, 30, 00] {TEST AL, 0xed; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtOpenProcess + B 77C858FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtOpenProcessToken + 6 77C85906 4 Bytes CALL 76C889F8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtOpenProcessToken + B 77C8590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtOpenProcessTokenEx + 6 77C85916 4 Bytes [A8, EE, 30, 00] {TEST AL, 0xee; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtOpenProcessTokenEx + B 77C8591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtOpenThread + 6 77C85976 4 Bytes [68, ED, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtOpenThread + B 77C8597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtOpenThreadToken + 6 77C85986 4 Bytes [68, EE, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtOpenThreadToken + B 77C8598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtOpenThreadTokenEx + 6 77C85996 4 Bytes CALL 76C88A89 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtOpenThreadTokenEx + B 77C8599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtQueryAttributesFile + 6 77C85AA6 4 Bytes [A8, EC, 30, 00] {TEST AL, 0xec; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtQueryAttributesFile + B 77C85AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtQueryFullAttributesFile + 6 77C85B56 4 Bytes CALL 76C88C47 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtQueryFullAttributesFile + B 77C85B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtSetInformationFile + 6 77C861A6 4 Bytes [28, ED, 30, 00] {SUB CH, CH; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtSetInformationFile + B 77C861AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtSetInformationThread + 6 77C86206 4 Bytes [28, EE, 30, 00] {SUB DH, CH; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtSetInformationThread + B 77C8620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtUnmapViewOfSection + 6 77C86526 4 Bytes [68, EF, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6880] ntdll.dll!NtUnmapViewOfSection + B 77C8652B 1 Byte [E2] ---- Devices - GMER 2.2 ---- Device \FileSystem\Ntfs \Ntfs 988BB1F8 Device \Driver\BTHUSB \Device\0000009c bthport.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys Device \Driver\BTHUSB \Device\0000009e bthport.sys ---- Trace I/O - GMER 2.2 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll >>UNKNOWN [0x8558d1f8]<< 8558d1f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x98ab8030] 98ab8030 Trace 3 CLASSPNP.SYS[8b7af59e] -> nt!IofCallDriver -> [0x98ab77b8] 98ab77b8 Trace 5 hpdskflt.sys[8b819f92] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x98982908] 98982908 Trace \Driver\atapi[0x9896ab48] -> IRP_MJ_CREATE -> 0x8558d1f8 8558d1f8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b7d0cf8 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b7d0cf8@c8df7c150798 0xD2 0xEB 0xB7 0xCE ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b7d0cf8@183f47774b3a 0xD9 0xD9 0xCD 0x3A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0xBD 0xBB 0xD9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0x30 0x41 0x99 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF2 0x1B 0xC2 0x86 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b7d0cf8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b7d0cf8@c8df7c150798 0xD2 0xEB 0xB7 0xCE ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b7d0cf8@183f47774b3a 0xD9 0xD9 0xCD 0x3A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0xBD 0xBB 0xD9 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0x30 0x41 0x99 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF2 0x1B 0xC2 0x86 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@7824AAEC 1783 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@NewClientID 167 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{9FF74F57-7613-11E3-8EB0-806E6F6E6963} 9059121256 ---- EOF - GMER 2.2 ----