GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-16 12:00:54 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\0000005d ST332062 rev.3.AA 298,09GB Running: bjowwzrg.exe; Driver: C:\Users\Damian\AppData\Local\Temp\awrdrpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x91431ACC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x914EE31C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x914325AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x9143E67A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x9143E6C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x9143E860] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x9143E5E8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x914EE6F6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x9143E630] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x914EE986] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x914EEA70] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x9143E81A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x91433398] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x91431B32] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0x914EEB74] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x914EE3F4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0x914EB78E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x914EE7D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x91431B98] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x91436FE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x91433EDC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x9143E6A4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x9143E6E8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x9143E884] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x9143E60E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x914364E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x9143E798] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x9143E658] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x914368CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x9143E83E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x914EE574] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x91433CF4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x91433A02] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x91431BFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x91431C64] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x914EE8D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x914317B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x9143198A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x91431918] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x91433562] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x914336C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x91431A12] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x914EE642] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x914331F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x914EB7BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x91431CCA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x914EE4A6] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8364B579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8366FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 214 83677714 4 Bytes [CC, 1A, 43, 91] {INT 3 ; SBB AL, [EBX-0x6f]} .text ntkrnlpa.exe!RtlSidHashLookup + 23C 8367773C 4 Bytes [1C, E3, 4E, 91] {SBB AL, 0xe3; DEC ESI; XCHG ECX, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 29C 8367779C 4 Bytes [AA, 25, 43, 91] .text ntkrnlpa.exe!RtlSidHashLookup + 2F0 836777F0 8 Bytes [7A, E6, 43, 91, C6, E6, 43, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 2FC 836777FC 4 Bytes CALL 85210944 .text ... .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8955FFEE] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92615000, 0x2BFBF0, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtMapViewOfSection + 6 77475076 4 Bytes [18, 20, A4, 66] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtMapViewOfSection + B 7747507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!LdrUnloadDll 7748BE7F 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!LdrLoadDll 7748F585 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtCreateFile + 6 77474A16 4 Bytes CALL 5A464B1D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtCreateFile + B 77474A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtMapViewOfSection + 6 77475076 4 Bytes [28, EB, 02, 01] {SUB BL, CH; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtMapViewOfSection + B 7747507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtOpenFile + 6 77475126 4 Bytes CALL 5A46522D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtOpenFile + B 7747512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtOpenProcess + 6 774751D6 4 Bytes JMP 5A4652DD .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtOpenProcess + B 774751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtOpenProcessToken + 6 774751E6 4 Bytes CALL 764854D4 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtOpenProcessToken + B 774751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtOpenProcessTokenEx + 6 774751F6 4 Bytes JMP E2FF0102 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtOpenProcessTokenEx + B 774751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtOpenThread + 6 77475256 4 Bytes JMP 5A46535D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtOpenThread + B 7747525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtOpenThreadToken + 6 77475266 4 Bytes JMP E2FF0102 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtOpenThreadToken + B 7747526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtOpenThreadTokenEx + 6 77475276 4 Bytes CALL 76485565 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtOpenThreadTokenEx + B 7747527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtQueryAttributesFile + 6 77475386 4 Bytes CALL 5A46548D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtQueryAttributesFile + B 7747538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtQueryFullAttributesFile + 6 77475436 4 Bytes CALL 76485723 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtQueryFullAttributesFile + B 7747543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtSetInformationFile + 6 77475A86 4 Bytes JMP 5A465B8D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtSetInformationFile + B 77475A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtSetInformationThread + 6 77475AE6 4 Bytes JMP E2FF0102 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtSetInformationThread + B 77475AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtUnmapViewOfSection + 6 77475E06 4 Bytes [68, EB, 02, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtUnmapViewOfSection + B 77475E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!LdrUnloadDll 7748BE7F 5 Bytes JMP 010F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!LdrLoadDll 7748F585 5 Bytes JMP 010F01F8 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] kernel32.dll!SetUnhandledExceptionFilter 76FE3142 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtCreateFile + 6 77474A16 4 Bytes [28, 24, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtCreateFile + B 77474A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtMapViewOfSection + 6 77475076 4 Bytes [28, 27, E0, 00] {SUB [EDI], AH; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtMapViewOfSection + B 7747507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenFile + 6 77475126 4 Bytes [68, 24, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenFile + B 7747512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenProcess + 6 774751D6 4 Bytes [A8, 25, E0, 00] {TEST AL, 0x25; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenProcess + B 774751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenProcessToken + 6 774751E6 4 Bytes CALL 76483210 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenProcessToken + B 774751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenProcessTokenEx + 6 774751F6 4 Bytes [A8, 26, E0, 00] {TEST AL, 0x26; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenProcessTokenEx + B 774751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenThread + 6 77475256 4 Bytes [68, 25, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenThread + B 7747525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenThreadToken + 6 77475266 4 Bytes [68, 26, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenThreadToken + B 7747526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenThreadTokenEx + 6 77475276 4 Bytes CALL 764832A1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenThreadTokenEx + B 7747527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtQueryAttributesFile + 6 77475386 4 Bytes [A8, 24, E0, 00] {TEST AL, 0x24; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtQueryAttributesFile + B 7747538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtQueryFullAttributesFile + 6 77475436 4 Bytes CALL 7648345F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtQueryFullAttributesFile + B 7747543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtSetInformationFile + 6 77475A86 4 Bytes [28, 25, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtSetInformationFile + B 77475A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtSetInformationThread + 6 77475AE6 4 Bytes [28, 26, E0, 00] {SUB [ESI], AH; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtSetInformationThread + B 77475AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtUnmapViewOfSection + 6 77475E06 4 Bytes [68, 27, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtUnmapViewOfSection + B 77475E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!LdrUnloadDll 7748BE7F 5 Bytes JMP 00F103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!LdrLoadDll 7748F585 5 Bytes JMP 00F101F8 .text C:\Program Files\AVAST Software\Avast\avastui.exe[2108] kernel32.dll!SetUnhandledExceptionFilter 76FE3142 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtCreateFile + 6 77474A16 4 Bytes [28, B4, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtCreateFile + B 77474A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtMapViewOfSection + 6 77475076 4 Bytes [28, B7, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtMapViewOfSection + B 7747507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenFile + 6 77475126 4 Bytes [68, B4, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenFile + B 7747512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenProcess + 6 774751D6 4 Bytes [A8, B5, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenProcess + B 774751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenProcessToken + 6 774751E6 4 Bytes CALL 76484BA0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenProcessToken + B 774751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenProcessTokenEx + 6 774751F6 4 Bytes [A8, B6, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenProcessTokenEx + B 774751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenThread + 6 77475256 4 Bytes [68, B5, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenThread + B 7747525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenThreadToken + 6 77475266 4 Bytes [68, B6, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenThreadToken + B 7747526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenThreadTokenEx + 6 77475276 4 Bytes CALL 76484C31 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenThreadTokenEx + B 7747527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtQueryAttributesFile + 6 77475386 4 Bytes [A8, B4, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtQueryAttributesFile + B 7747538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtQueryFullAttributesFile + 6 77475436 4 Bytes CALL 76484DEF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtQueryFullAttributesFile + B 7747543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtSetInformationFile + 6 77475A86 4 Bytes [28, B5, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtSetInformationFile + B 77475A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtSetInformationThread + 6 77475AE6 4 Bytes [28, B6, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtSetInformationThread + B 77475AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtUnmapViewOfSection + 6 77475E06 4 Bytes [68, B7, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtUnmapViewOfSection + B 77475E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!LdrUnloadDll 7748BE7F 5 Bytes JMP 010603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!LdrLoadDll 7748F585 5 Bytes JMP 010601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtCreateFile + 6 77474A16 4 Bytes [28, CC, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtCreateFile + B 77474A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtMapViewOfSection + 6 77475076 4 Bytes [28, CF, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtMapViewOfSection + B 7747507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenFile + 6 77475126 4 Bytes [68, CC, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenFile + B 7747512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcess + 6 774751D6 4 Bytes [A8, CD, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcess + B 774751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessToken + 6 774751E6 4 Bytes CALL 76481DB8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessToken + B 774751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessTokenEx + 6 774751F6 4 Bytes [A8, CE, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessTokenEx + B 774751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThread + 6 77475256 4 Bytes [68, CD, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThread + B 7747525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadToken + 6 77475266 4 Bytes [68, CE, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadToken + B 7747526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadTokenEx + 6 77475276 4 Bytes CALL 76481E49 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadTokenEx + B 7747527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryAttributesFile + 6 77475386 4 Bytes [A8, CC, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryAttributesFile + B 7747538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryFullAttributesFile + 6 77475436 4 Bytes CALL 76482007 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryFullAttributesFile + B 7747543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationFile + 6 77475A86 4 Bytes [28, CD, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationFile + B 77475A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationThread + 6 77475AE6 4 Bytes [28, CE, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationThread + B 77475AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtUnmapViewOfSection + 6 77475E06 4 Bytes [68, CF, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtUnmapViewOfSection + B 77475E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!LdrUnloadDll 7748BE7F 5 Bytes JMP 00DC03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!LdrLoadDll 7748F585 5 Bytes JMP 00DC01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtCreateFile + 6 77474A16 4 Bytes [28, 44, 8B, 00] {SUB [EBX+ECX*4+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtCreateFile + B 77474A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtMapViewOfSection + 6 77475076 4 Bytes [28, 47, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtMapViewOfSection + B 7747507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenFile + 6 77475126 4 Bytes [68, 44, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenFile + B 7747512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcess + 6 774751D6 4 Bytes [A8, 45, 8B, 00] {TEST AL, 0x45; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcess + B 774751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessToken + B 774751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessTokenEx + 6 774751F6 4 Bytes [A8, 46, 8B, 00] {TEST AL, 0x46; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessTokenEx + B 774751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThread + 6 77475256 4 Bytes [68, 45, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThread + B 7747525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadToken + 6 77475266 4 Bytes [68, 46, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadToken + B 7747526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadTokenEx + B 7747527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryAttributesFile + 6 77475386 4 Bytes [A8, 44, 8B, 00] {TEST AL, 0x44; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryAttributesFile + B 7747538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryFullAttributesFile + B 7747543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationFile + 6 77475A86 4 Bytes [28, 45, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationFile + B 77475A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationThread + 6 77475AE6 4 Bytes [28, 46, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationThread + B 77475AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtUnmapViewOfSection + 6 77475E06 4 Bytes [68, 47, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtUnmapViewOfSection + B 77475E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!LdrUnloadDll 7748BE7F 5 Bytes JMP 00A803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!LdrLoadDll 7748F585 5 Bytes JMP 00A801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + 6 77474A16 4 Bytes [28, 1C, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + B 77474A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + 6 77475076 4 Bytes [28, 1F, D2, 00] {SUB [EDI], BL; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + B 7747507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + 6 77475126 4 Bytes [68, 1C, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + B 7747512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + 6 774751D6 4 Bytes [A8, 1D, D2, 00] {TEST AL, 0x1d; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + B 774751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + 6 774751E6 4 Bytes CALL 76482408 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + B 774751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + 6 774751F6 4 Bytes [A8, 1E, D2, 00] {TEST AL, 0x1e; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + B 774751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + 6 77475256 4 Bytes [68, 1D, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + B 7747525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + 6 77475266 4 Bytes [68, 1E, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + B 7747526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + 6 77475276 4 Bytes CALL 76482499 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + B 7747527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + 6 77475386 4 Bytes [A8, 1C, D2, 00] {TEST AL, 0x1c; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + B 7747538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryFullAttributesFile + 6 77475436 4 Bytes CALL 76482657 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryFullAttributesFile + B 7747543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + 6 77475A86 4 Bytes [28, 1D, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + B 77475A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + 6 77475AE6 4 Bytes [28, 1E, D2, 00] {SUB [ESI], BL; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + B 77475AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + 6 77475E06 4 Bytes [68, 1F, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + B 77475E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!LdrUnloadDll 7748BE7F 5 Bytes JMP 00D803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!LdrLoadDll 7748F585 5 Bytes JMP 00D801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtCreateFile + 6 77474A16 4 Bytes [28, 4C, 9B, 00] {SUB [EBX+EBX*4+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtCreateFile + B 77474A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtMapViewOfSection + 6 77475076 4 Bytes [28, 4F, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtMapViewOfSection + B 7747507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtOpenFile + 6 77475126 4 Bytes [68, 4C, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtOpenFile + B 7747512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtOpenProcess + 6 774751D6 4 Bytes [A8, 4D, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtOpenProcess + B 774751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtOpenProcessToken + B 774751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtOpenProcessTokenEx + 6 774751F6 4 Bytes [A8, 4E, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtOpenProcessTokenEx + B 774751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtOpenThread + 6 77475256 4 Bytes [68, 4D, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtOpenThread + B 7747525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtOpenThreadToken + 6 77475266 4 Bytes [68, 4E, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtOpenThreadToken + B 7747526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtOpenThreadTokenEx + B 7747527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtQueryAttributesFile + 6 77475386 4 Bytes [A8, 4C, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtQueryAttributesFile + B 7747538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtQueryFullAttributesFile + B 7747543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtSetInformationFile + 6 77475A86 4 Bytes [28, 4D, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtSetInformationFile + B 77475A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtSetInformationThread + 6 77475AE6 4 Bytes [28, 4E, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtSetInformationThread + B 77475AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtUnmapViewOfSection + 6 77475E06 4 Bytes [68, 4F, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!NtUnmapViewOfSection + B 77475E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!LdrUnloadDll 7748BE7F 5 Bytes JMP 00A803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5244] ntdll.dll!LdrLoadDll 7748F585 5 Bytes JMP 00A801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtCreateFile + 6 77474A16 4 Bytes [28, 2C, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtCreateFile + B 77474A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtMapViewOfSection + 6 77475076 4 Bytes [28, 2F, E1, 00] {SUB [EDI], CH; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtMapViewOfSection + B 7747507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenFile + 6 77475126 4 Bytes [68, 2C, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenFile + B 7747512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcess + 6 774751D6 4 Bytes [A8, 2D, E1, 00] {TEST AL, 0x2d; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcess + B 774751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessToken + 6 774751E6 4 Bytes CALL 76483318 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessToken + B 774751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessTokenEx + 6 774751F6 4 Bytes [A8, 2E, E1, 00] {TEST AL, 0x2e; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessTokenEx + B 774751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThread + 6 77475256 4 Bytes [68, 2D, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThread + B 7747525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadToken + 6 77475266 4 Bytes [68, 2E, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadToken + B 7747526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadTokenEx + 6 77475276 4 Bytes CALL 764833A9 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadTokenEx + B 7747527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryAttributesFile + 6 77475386 4 Bytes [A8, 2C, E1, 00] {TEST AL, 0x2c; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryAttributesFile + B 7747538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryFullAttributesFile + 6 77475436 4 Bytes CALL 76483567 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryFullAttributesFile + B 7747543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationFile + 6 77475A86 4 Bytes [28, 2D, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationFile + B 77475A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationThread + 6 77475AE6 4 Bytes [28, 2E, E1, 00] {SUB [ESI], CH; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationThread + B 77475AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtUnmapViewOfSection + 6 77475E06 4 Bytes [68, 2F, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtUnmapViewOfSection + B 77475E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!LdrUnloadDll 7748BE7F 5 Bytes JMP 00ED03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!LdrLoadDll 7748F585 5 Bytes JMP 00ED01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtCreateFile + 6 77474A16 4 Bytes [28, 24, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtCreateFile + B 77474A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtMapViewOfSection + 6 77475076 4 Bytes [28, 27, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtMapViewOfSection + B 7747507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenFile + 6 77475126 4 Bytes [68, 24, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenFile + B 7747512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcess + 6 774751D6 4 Bytes [A8, 25, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcess + B 774751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessToken + 6 774751E6 4 Bytes CALL 76481010 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessToken + B 774751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessTokenEx + 6 774751F6 4 Bytes [A8, 26, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessTokenEx + B 774751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThread + 6 77475256 4 Bytes [68, 25, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThread + B 7747525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadToken + 6 77475266 4 Bytes [68, 26, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadToken + B 7747526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadTokenEx + 6 77475276 4 Bytes CALL 764810A1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadTokenEx + B 7747527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryAttributesFile + 6 77475386 4 Bytes [A8, 24, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryAttributesFile + B 7747538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryFullAttributesFile + 6 77475436 4 Bytes CALL 7648125F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryFullAttributesFile + B 7747543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationFile + 6 77475A86 4 Bytes [28, 25, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationFile + B 77475A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationThread + 6 77475AE6 4 Bytes [28, 26, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationThread + B 77475AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtUnmapViewOfSection + 6 77475E06 4 Bytes [68, 27, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtUnmapViewOfSection + B 77475E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!LdrUnloadDll 7748BE7F 5 Bytes JMP 00D403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!LdrLoadDll 7748F585 3 Bytes JMP 00D401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!LdrLoadDll + 4 7748F589 1 Byte [89] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtCreateFile + 6 77474A16 4 Bytes [28, EC, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtCreateFile + B 77474A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtMapViewOfSection + 6 77475076 4 Bytes [28, EF, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtMapViewOfSection + B 7747507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenFile + 6 77475126 4 Bytes [68, EC, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenFile + B 7747512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenProcess + 6 774751D6 4 Bytes [A8, ED, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenProcess + B 774751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenProcessToken + B 774751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenProcessTokenEx + 6 774751F6 4 Bytes [A8, EE, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenProcessTokenEx + B 774751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenThread + 6 77475256 4 Bytes [68, ED, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenThread + B 7747525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenThreadToken + 6 77475266 4 Bytes [68, EE, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenThreadToken + B 7747526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenThreadTokenEx + B 7747527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtQueryAttributesFile + 6 77475386 4 Bytes [A8, EC, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtQueryAttributesFile + B 7747538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtQueryFullAttributesFile + B 7747543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtSetInformationFile + 6 77475A86 4 Bytes [28, ED, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtSetInformationFile + B 77475A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtSetInformationThread + 6 77475AE6 4 Bytes [28, EE, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtSetInformationThread + B 77475AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtUnmapViewOfSection + 6 77475E06 4 Bytes [68, EF, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtUnmapViewOfSection + B 77475E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!LdrUnloadDll 7748BE7F 5 Bytes JMP 005E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!LdrLoadDll 7748F585 5 Bytes JMP 005E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtCreateFile + 6 77474A16 4 Bytes [28, 8C, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtCreateFile + B 77474A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtMapViewOfSection + 6 77475076 4 Bytes [28, 8F, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtMapViewOfSection + B 7747507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenFile + 6 77475126 4 Bytes [68, 8C, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenFile + B 7747512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcess + 6 774751D6 4 Bytes [A8, 8D, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcess + B 774751DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcessToken + B 774751EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcessTokenEx + 6 774751F6 4 Bytes [A8, 8E, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenProcessTokenEx + B 774751FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThread + 6 77475256 4 Bytes [68, 8D, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThread + B 7747525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThreadToken + 6 77475266 4 Bytes [68, 8E, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThreadToken + B 7747526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenThreadTokenEx + B 7747527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtQueryAttributesFile + 6 77475386 4 Bytes [A8, 8C, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtQueryAttributesFile + B 7747538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtQueryFullAttributesFile + B 7747543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationFile + 6 77475A86 4 Bytes [28, 8D, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationFile + B 77475A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationThread + 6 77475AE6 4 Bytes [28, 8E, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationThread + B 77475AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtUnmapViewOfSection + 6 77475E06 4 Bytes [68, 8F, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtUnmapViewOfSection + B 77475E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!LdrUnloadDll 7748BE7F 5 Bytes JMP 00B503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!LdrLoadDll 7748F585 5 Bytes JMP 00B501F8 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[3436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7404250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[3436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74042494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[3436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74025624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[3436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740256E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[3436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74038573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[3436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74034D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[3436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740350CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[3436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740351A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[3436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [740366D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[3436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740382CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[3436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74038819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[3436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7403907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[3436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7403E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[3436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74034C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 856621F8 Device \FileSystem\fastfat \FatCdrom 8760A1F8 Device \Driver\usbohci \Device\USBPDO-0 86BD11F8 Device \Driver\usbehci \Device\USBPDO-1 86BDA1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7FDEB7AF-572F-4B79-9782-C635D1091E11} 86B431F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{D07899A1-2036-4866-9061-CC74C1A17511} 86B431F8 Device \Driver\dtsoftbus01 \Device\00000061 8699C1F8 Device \Driver\cdrom \Device\CdRom0 86ADA1F8 Device \Driver\cdrom \Device\CdRom1 86ADA1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8565F1F8 Device \Driver\atapi \Device\Ide\IdePort0 8565F1F8 Device \Driver\atapi \Device\Ide\IdePort1 8565F1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{2C031D38-E3BE-4BFE-998D-33F5F87A9F9D} 86B431F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86B431F8 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 8699C1F8 Device \Driver\nvstor \Device\RaidPort0 856601F8 Device \Driver\nvstor \Device\0000005d 856601F8 Device \Driver\nvstor \Device\RaidPort1 856601F8 Device \Driver\nvstor \Device\RaidPort2 856601F8 Device \Driver\usbohci \Device\USBFDO-0 86BD11F8 Device \Driver\usbehci \Device\USBFDO-1 86BDA1F8 Device \FileSystem\fastfat \Fat 8760A1F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x856601f8]<< 856601f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867ceac8] 867ceac8 Trace 3 CLASSPNP.SYS[89d0259e] -> nt!IofCallDriver -> [0x863934a0] 863934a0 Trace 5 ACPI.sys[8958d3b2] -> nt!IofCallDriver -> \Device\0000005d[0x86393948] 86393948 Trace \Driver\nvstor[0x86398930] -> IRP_MJ_CREATE -> 0x856601f8 856601f8 ---- EOF - GMER 2.1 ----