GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-06-23 10:41:33 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 FUJITSU_MHZ2160BH_G2 rev.8909 Running: lbsbln9x.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fxddikoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwAllocateVirtualMemory [0x8B253D22] SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwCreateThread [0x8B2563EC] SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwCreateThreadEx [0x8B256528] SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwFreeVirtualMemory [0x8B2540A0] SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwQueueApcThread [0x8B25657E] SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwQueueApcThreadEx [0x8B2565CE] SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwSetContextThread [0x8B25661E] SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwWriteVirtualMemory [0x8B2541E4] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x910F4BAE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x910F49D2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x910F4B0C] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 82E82599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EA7092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 23C 82EAE88C 4 Bytes [22, 3D, 25, 8B] .text ntkrnlpa.exe!RtlSidHashLookup + 34C 82EAE99C 8 Bytes [EC, 63, 25, 8B, 28, 65, 25, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 3FC 82EAEA4C 4 Bytes [A0, 40, 25, 8B] .text ntkrnlpa.exe!RtlSidHashLookup + 624 82EAEC74 8 Bytes [7E, 65, 25, 8B, CE, 65, 25, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 6E0 82EAED30 4 Bytes [1E, 66, 25, 8B] .text ... PAGE ntkrnlpa.exe!ZwLoadDriver 82FE0313 7 Bytes JMP 910F4B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 830483BE 5 Bytes JMP 910F05D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 830620CD 5 Bytes JMP 910F2012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!NtCreateSection 83070303 7 Bytes JMP 910F49D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 8311A4DE 7 Bytes JMP 910F4BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 33, 00] {SUB [EAX], AL; XOR EAX, [EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 33, 00] {SUB [EBX], AL; XOR EAX, [EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 33, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 33, 00] {TEST AL, 0x1; XOR EAX, [EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 33, 00] {TEST AL, 0x2; XOR EAX, [EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 33, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 33, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 33, 00] {TEST AL, 0x0; XOR EAX, [EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 33, 00] {SUB [ECX], AL; XOR EAX, [EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 33, 00] {SUB [EDX], AL; XOR EAX, [EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 33, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1288] kernel32.dll!SetUnhandledExceptionFilter 761430E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe[1928] ntdll.dll!KiUserApcDispatcher 779D6038 5 Bytes JMP 00020ED3 .text C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe[1928] USER32.dll!NotifyWinEvent + 48B 75E3F724 4 Bytes [36, 0F, 02, 00] {LAR EAX, SS:[EAX]} .text C:\Program Files\DrWeb\dwservice.exe[1960] USER32.dll!NotifyWinEvent + 48B 75E3F724 4 Bytes [36, 0F, 02, 00] {LAR EAX, SS:[EAX]} .text C:\Program Files\DrWeb\dwnetfilter.exe[2040] kernel32.dll!SetUnhandledExceptionFilter 761430E2 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\DrWeb\dwnetfilter.exe[2040] USER32.dll!NotifyWinEvent + 48B 75E3F724 4 Bytes [36, 0F, 02, 00] {LAR EAX, SS:[EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 1D, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 1D, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 1D, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 1D, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 1D, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 1D, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 1D, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 1D, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 1D, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 1D, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 1D, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3684] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 28, 00] {SUB [EAX], AL; SUB [EAX], AL} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 28, 00] {SUB [EBX], AL; SUB [EAX], AL} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 28, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 28, 00] {TEST AL, 0x1; SUB [EAX], AL} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 28, 00] {TEST AL, 0x2; SUB [EAX], AL} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 28, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 28, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 28, 00] {TEST AL, 0x0; SUB [EAX], AL} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 28, 00] {SUB [ECX], AL; SUB [EAX], AL} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 28, 00] {SUB [EDX], AL; SUB [EAX], AL} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 28, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[3724] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] .text C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe[3924] USER32.dll!NotifyWinEvent + 48B 75E3F724 4 Bytes [36, 0F, 02, 00] {LAR EAX, SS:[EAX]} .text C:\Program Files\DrWeb\spideragent.exe[4084] USER32.dll!NotifyWinEvent + 48B 75E3F724 4 Bytes [36, 0F, 02, 00] {LAR EAX, SS:[EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 19, 00] {SUB [EAX], AL; SBB [EAX], EAX} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 19, 00] {SUB [EBX], AL; SBB [EAX], EAX} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 19, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 19, 00] {TEST AL, 0x1; SBB [EAX], EAX} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 19, 00] {TEST AL, 0x2; SBB [EAX], EAX} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 19, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 19, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 19, 00] {TEST AL, 0x0; SBB [EAX], EAX} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 19, 00] {SUB [ECX], AL; SBB [EAX], EAX} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 19, 00] {SUB [EDX], AL; SBB [EAX], EAX} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 19, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 43, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 43, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 43, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 43, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 43, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 43, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 43, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 43, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 43, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 43, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 43, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4860] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 2E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 2E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 2E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 2E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 2E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 2E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 2E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 2E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 2E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 2E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 2E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4924] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 35, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 35, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 35, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 35, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 35, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 35, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 35, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 35, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 35, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 35, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 35, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 1F, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 1F, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 1F, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 1F, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 1F, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 1F, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 1F, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 1F, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 1F, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 1F, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 1F, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 17, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 17, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 17, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 17, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 17, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 17, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 17, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 17, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 17, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 17, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 17, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 45, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 3E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 3E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 3E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 3E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 3E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 3E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 3E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 3E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 3E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 3E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 3E, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 3C, 00] {SUB [EAX], AL; CMP AL, 0x0} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 3C, 00] {SUB [EBX], AL; CMP AL, 0x0} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 3C, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 3C, 00] {TEST AL, 0x1; CMP AL, 0x0} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 3C, 00] {TEST AL, 0x2; CMP AL, 0x0} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 3C, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 3C, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 3C, 00] {TEST AL, 0x0; CMP AL, 0x0} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 3C, 00] {SUB [ECX], AL; CMP AL, 0x0} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 3C, 00] {SUB [EDX], AL; CMP AL, 0x0} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 3C, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 42, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 42, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 42, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 42, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 42, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 42, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 42, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 42, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 42, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 42, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 42, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[5720] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtCreateFile + 6 779D46B6 4 Bytes [28, 00, 2B, 00] {SUB [EAX], AL; SUB EAX, [EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtCreateFile + B 779D46BB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtMapViewOfSection + 6 779D4D16 1 Byte [28] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtMapViewOfSection + 6 779D4D16 4 Bytes [28, 03, 2B, 00] {SUB [EBX], AL; SUB EAX, [EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtMapViewOfSection + B 779D4D1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenFile + 6 779D4DC6 4 Bytes [68, 00, 2B, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenFile + B 779D4DCB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcess + 6 779D4E76 4 Bytes [A8, 01, 2B, 00] {TEST AL, 0x1; SUB EAX, [EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcess + B 779D4E7B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessToken + B 779D4E8B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessTokenEx + 6 779D4E96 4 Bytes [A8, 02, 2B, 00] {TEST AL, 0x2; SUB EAX, [EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessTokenEx + B 779D4E9B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThread + 6 779D4EF6 4 Bytes [68, 01, 2B, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThread + B 779D4EFB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadToken + 6 779D4F06 4 Bytes [68, 02, 2B, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadToken + B 779D4F0B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadTokenEx + B 779D4F1B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryAttributesFile + 6 779D5026 4 Bytes [A8, 00, 2B, 00] {TEST AL, 0x0; SUB EAX, [EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryAttributesFile + B 779D502B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryFullAttributesFile + B 779D50DB 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationFile + 6 779D5726 4 Bytes [28, 01, 2B, 00] {SUB [ECX], AL; SUB EAX, [EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationFile + B 779D572B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationThread + 6 779D5786 4 Bytes [28, 02, 2B, 00] {SUB [EDX], AL; SUB EAX, [EAX]} .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationThread + B 779D578B 1 Byte [E2] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 1 Byte [68] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtUnmapViewOfSection + 6 779D5AA6 4 Bytes [68, 03, 2B, 00] .text C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtUnmapViewOfSection + B 779D5AAB 1 Byte [E2] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746C24FA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746A565B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746A5719] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746C2575] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746B85D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746B4D8D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746B5134] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746B5209] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746B6736] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746B8330] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746B887F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746B90E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746BE283] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [746B4CBF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) AttachedDevice \Driver\tdx \Device\RawIp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ---- Threads - GMER 1.0.15 ---- Thread System [4:3676] C1E36F2E ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0xFD 0x38 0x8E ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0xCF 0x16 0x20 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x28 0x04 0xD2 0x2D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0xFD 0x38 0x8E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0xCF 0x16 0x20 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x28 0x04 0xD2 0x2D ... ---- Files - GMER 1.0.15 ---- File C:\Users\Bednarczyk\AppData\Local\Temp\fla49CC.tmp 0 bytes ---- EOF - GMER 1.0.15 ----