GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-12-13 14:52:58 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST31000524AS rev.JC45 Running: gmer.exe; Driver: C:\Users\Rafi\AppData\Local\Temp\kxldrpod.sys ---- System - GMER 1.0.15 ---- SSDT A82963CE ZwCreateSection SSDT A82963D8 ZwRequestWaitReplyPort SSDT A82963D3 ZwSetContextThread SSDT A82963DD ZwSetSecurityObject SSDT A82963E2 ZwSystemDebugControl SSDT A829636F ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E55579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E79F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 340 82E81840 4 Bytes [CE, 63, 29, A8] .text ntkrnlpa.exe!RtlSidHashLookup + 69C 82E81B9C 4 Bytes [D8, 63, 29, A8] .text ntkrnlpa.exe!RtlSidHashLookup + 6E0 82E81BE0 4 Bytes [D3, 63, 29, A8] .text ntkrnlpa.exe!RtlSidHashLookup + 75C 82E81C5C 4 Bytes [DD, 63, 29, A8] .text ntkrnlpa.exe!RtlSidHashLookup + 7B0 82E81CB0 4 Bytes [E2, 63, 29, A8] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x94A0A000, 0x147F58, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtCreateFile + 6 77044A16 4 Bytes [28, 64, 73, 00] {SUB [EBX+ESI*2+0x0], AH} .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtCreateFile + B 77044A1B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtMapViewOfSection + 6 77045076 4 Bytes [28, 67, 73, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtMapViewOfSection + B 7704507B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenFile + 6 77045126 4 Bytes [68, 64, 73, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenFile + B 7704512B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenProcess + 6 770451D6 4 Bytes [A8, 65, 73, 00] {TEST AL, 0x65; JAE 0x4} .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenProcess + B 770451DB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenProcessToken + B 770451EB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenProcessTokenEx + 6 770451F6 4 Bytes [A8, 66, 73, 00] {TEST AL, 0x66; JAE 0x4} .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenProcessTokenEx + B 770451FB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenThread + 6 77045256 4 Bytes [68, 65, 73, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenThread + B 7704525B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenThreadToken + 6 77045266 4 Bytes [68, 66, 73, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenThreadToken + B 7704526B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenThreadTokenEx + B 7704527B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtQueryAttributesFile + 6 77045386 4 Bytes [A8, 64, 73, 00] {TEST AL, 0x64; JAE 0x4} .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtQueryAttributesFile + B 7704538B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtQueryFullAttributesFile + B 7704543B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtSetInformationFile + 6 77045A86 4 Bytes [28, 65, 73, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtSetInformationFile + B 77045A8B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtSetInformationThread + 6 77045AE6 4 Bytes [28, 66, 73, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtSetInformationThread + B 77045AEB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtUnmapViewOfSection + 6 77045E06 4 Bytes [68, 67, 73, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtUnmapViewOfSection + B 77045E0B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtCreateFile + 6 77044A16 4 Bytes [28, E4, F7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtCreateFile + B 77044A1B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtMapViewOfSection + 6 77045076 4 Bytes [28, E7, F7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtMapViewOfSection + B 7704507B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtOpenFile + 6 77045126 4 Bytes [68, E4, F7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtOpenFile + B 7704512B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtOpenProcess + 6 770451D6 4 Bytes [A8, E5, F7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtOpenProcess + B 770451DB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtOpenProcessToken + B 770451EB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtOpenProcessTokenEx + 6 770451F6 4 Bytes [A8, E6, F7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtOpenProcessTokenEx + B 770451FB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtOpenThread + 6 77045256 4 Bytes [68, E5, F7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtOpenThread + B 7704525B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtOpenThreadToken + 6 77045266 4 Bytes [68, E6, F7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtOpenThreadToken + B 7704526B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtOpenThreadTokenEx + B 7704527B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtQueryAttributesFile + 6 77045386 4 Bytes [A8, E4, F7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtQueryAttributesFile + B 7704538B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtQueryFullAttributesFile + B 7704543B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtSetInformationFile + 6 77045A86 4 Bytes [28, E5, F7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtSetInformationFile + B 77045A8B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtSetInformationThread + 6 77045AE6 4 Bytes [28, E6, F7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtSetInformationThread + B 77045AEB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtUnmapViewOfSection + 6 77045E06 4 Bytes [68, E7, F7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[1540] ntdll.dll!NtUnmapViewOfSection + B 77045E0B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtCreateFile + 6 77044A16 4 Bytes [28, 48, 97, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtCreateFile + B 77044A1B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtMapViewOfSection + 6 77045076 4 Bytes [28, 4B, 97, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtMapViewOfSection + B 7704507B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenFile + 6 77045126 4 Bytes [68, 48, 97, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenFile + B 7704512B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcess + 6 770451D6 4 Bytes [A8, 49, 97, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcess + B 770451DB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcessToken + B 770451EB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcessTokenEx + 6 770451F6 4 Bytes [A8, 4A, 97, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcessTokenEx + B 770451FB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThread + 6 77045256 4 Bytes [68, 49, 97, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThread + B 7704525B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThreadToken + 6 77045266 4 Bytes [68, 4A, 97, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThreadToken + B 7704526B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThreadTokenEx + B 7704527B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtQueryAttributesFile + 6 77045386 4 Bytes [A8, 48, 97, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtQueryAttributesFile + B 7704538B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtQueryFullAttributesFile + B 7704543B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationFile + 6 77045A86 4 Bytes [28, 49, 97, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationFile + B 77045A8B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationThread + 6 77045AE6 4 Bytes [28, 4A, 97, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationThread + B 77045AEB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtUnmapViewOfSection + 6 77045E06 4 Bytes [68, 4B, 97, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtUnmapViewOfSection + B 77045E0B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtCreateFile + 6 77044A16 4 Bytes [28, 14, BC, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtCreateFile + B 77044A1B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtMapViewOfSection + 6 77045076 4 Bytes [28, 17, BC, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtMapViewOfSection + B 7704507B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtOpenFile + 6 77045126 4 Bytes [68, 14, BC, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtOpenFile + B 7704512B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtOpenProcess + 6 770451D6 4 Bytes [A8, 15, BC, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtOpenProcess + B 770451DB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtOpenProcessToken + B 770451EB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtOpenProcessTokenEx + 6 770451F6 4 Bytes [A8, 16, BC, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtOpenProcessTokenEx + B 770451FB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtOpenThread + 6 77045256 4 Bytes [68, 15, BC, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtOpenThread + B 7704525B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtOpenThreadToken + 6 77045266 4 Bytes [68, 16, BC, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtOpenThreadToken + B 7704526B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtOpenThreadTokenEx + B 7704527B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtQueryAttributesFile + 6 77045386 4 Bytes [A8, 14, BC, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtQueryAttributesFile + B 7704538B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtQueryFullAttributesFile + B 7704543B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtSetInformationFile + 6 77045A86 4 Bytes [28, 15, BC, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtSetInformationFile + B 77045A8B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtSetInformationThread + 6 77045AE6 4 Bytes [28, 16, BC, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtSetInformationThread + B 77045AEB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtUnmapViewOfSection + 6 77045E06 4 Bytes [68, 17, BC, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2068] ntdll.dll!NtUnmapViewOfSection + B 77045E0B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtCreateFile + 6 77044A16 4 Bytes [28, EC, 26, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtCreateFile + B 77044A1B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtMapViewOfSection + 6 77045076 4 Bytes [28, EF, 26, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtMapViewOfSection + B 7704507B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenFile + 6 77045126 4 Bytes [68, EC, 26, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenFile + B 7704512B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcess + 6 770451D6 4 Bytes [A8, ED, 26, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcess + B 770451DB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessToken + B 770451EB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessTokenEx + 6 770451F6 4 Bytes [A8, EE, 26, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessTokenEx + B 770451FB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThread + 6 77045256 4 Bytes [68, ED, 26, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThread + B 7704525B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadToken + 6 77045266 4 Bytes [68, EE, 26, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadToken + B 7704526B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadTokenEx + B 7704527B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryAttributesFile + 6 77045386 4 Bytes [A8, EC, 26, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryAttributesFile + B 7704538B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryFullAttributesFile + B 7704543B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationFile + 6 77045A86 4 Bytes [28, ED, 26, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationFile + B 77045A8B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationThread + 6 77045AE6 4 Bytes [28, EE, 26, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationThread + B 77045AEB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtUnmapViewOfSection + 6 77045E06 4 Bytes [68, EF, 26, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtUnmapViewOfSection + B 77045E0B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtCreateFile + 6 77044A16 4 Bytes [28, 5C, 31, 00] {SUB [ECX+ESI+0x0], BL} .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtCreateFile + B 77044A1B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + 6 77045076 4 Bytes [28, 5F, 31, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + B 7704507B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenFile + 6 77045126 4 Bytes [68, 5C, 31, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenFile + B 7704512B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcess + 6 770451D6 4 Bytes [A8, 5D, 31, 00] {TEST AL, 0x5d; XOR [EAX], EAX} .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcess + B 770451DB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessToken + B 770451EB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessTokenEx + 6 770451F6 4 Bytes [A8, 5E, 31, 00] {TEST AL, 0x5e; XOR [EAX], EAX} .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessTokenEx + B 770451FB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThread + 6 77045256 4 Bytes [68, 5D, 31, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThread + B 7704525B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadToken + 6 77045266 4 Bytes [68, 5E, 31, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadToken + B 7704526B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadTokenEx + B 7704527B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryAttributesFile + 6 77045386 4 Bytes [A8, 5C, 31, 00] {TEST AL, 0x5c; XOR [EAX], EAX} .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryAttributesFile + B 7704538B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryFullAttributesFile + B 7704543B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationFile + 6 77045A86 4 Bytes [28, 5D, 31, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationFile + B 77045A8B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationThread + 6 77045AE6 4 Bytes [28, 5E, 31, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationThread + B 77045AEB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + 6 77045E06 4 Bytes [68, 5F, 31, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + B 77045E0B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtCreateFile + 6 77044A16 4 Bytes [28, 78, E7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtCreateFile + B 77044A1B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtMapViewOfSection + 6 77045076 4 Bytes [28, 7B, E7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtMapViewOfSection + B 7704507B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenFile + 6 77045126 4 Bytes [68, 78, E7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenFile + B 7704512B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcess + 6 770451D6 4 Bytes [A8, 79, E7, 00] {TEST AL, 0x79; OUT 0x0, EAX} .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcess + B 770451DB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessToken + B 770451EB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessTokenEx + 6 770451F6 4 Bytes [A8, 7A, E7, 00] {TEST AL, 0x7a; OUT 0x0, EAX} .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessTokenEx + B 770451FB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThread + 6 77045256 4 Bytes [68, 79, E7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThread + B 7704525B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadToken + 6 77045266 4 Bytes [68, 7A, E7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadToken + B 7704526B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadTokenEx + B 7704527B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryAttributesFile + 6 77045386 4 Bytes [A8, 78, E7, 00] {TEST AL, 0x78; OUT 0x0, EAX} .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryAttributesFile + B 7704538B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryFullAttributesFile + B 7704543B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationFile + 6 77045A86 4 Bytes [28, 79, E7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationFile + B 77045A8B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationThread + 6 77045AE6 4 Bytes [28, 7A, E7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationThread + B 77045AEB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtUnmapViewOfSection + 6 77045E06 4 Bytes [68, 7B, E7, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtUnmapViewOfSection + B 77045E0B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtCreateFile + 6 77044A16 4 Bytes [28, 80, B9, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtCreateFile + B 77044A1B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtMapViewOfSection + 6 77045076 4 Bytes [28, 83, B9, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtMapViewOfSection + B 7704507B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenFile + 6 77045126 4 Bytes [68, 80, B9, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenFile + B 7704512B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcess + 6 770451D6 4 Bytes [A8, 81, B9, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcess + B 770451DB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessToken + B 770451EB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessTokenEx + 6 770451F6 4 Bytes [A8, 82, B9, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessTokenEx + B 770451FB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThread + 6 77045256 4 Bytes [68, 81, B9, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThread + B 7704525B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadToken + 6 77045266 4 Bytes [68, 82, B9, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadToken + B 7704526B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadTokenEx + B 7704527B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryAttributesFile + 6 77045386 4 Bytes [A8, 80, B9, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryAttributesFile + B 7704538B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryFullAttributesFile + B 7704543B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationFile + 6 77045A86 4 Bytes [28, 81, B9, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationFile + B 77045A8B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationThread + 6 77045AE6 4 Bytes [28, 82, B9, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationThread + B 77045AEB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtUnmapViewOfSection + 6 77045E06 4 Bytes [68, 83, B9, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtUnmapViewOfSection + B 77045E0B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtCreateFile + 6 77044A16 4 Bytes [28, 84, 95, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtCreateFile + B 77044A1B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtMapViewOfSection + 6 77045076 4 Bytes [28, 87, 95, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtMapViewOfSection + B 7704507B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenFile + 6 77045126 4 Bytes [68, 84, 95, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenFile + B 7704512B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcess + 6 770451D6 4 Bytes [A8, 85, 95, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcess + B 770451DB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessToken + B 770451EB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessTokenEx + 6 770451F6 4 Bytes [A8, 86, 95, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessTokenEx + B 770451FB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThread + 6 77045256 4 Bytes [68, 85, 95, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThread + B 7704525B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadToken + 6 77045266 4 Bytes [68, 86, 95, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadToken + B 7704526B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadTokenEx + B 7704527B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryAttributesFile + 6 77045386 4 Bytes [A8, 84, 95, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryAttributesFile + B 7704538B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryFullAttributesFile + B 7704543B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationFile + 6 77045A86 4 Bytes [28, 85, 95, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationFile + B 77045A8B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationThread + 6 77045AE6 4 Bytes [28, 86, 95, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationThread + B 77045AEB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtUnmapViewOfSection + 6 77045E06 4 Bytes [68, 87, 95, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtUnmapViewOfSection + B 77045E0B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtCreateFile + 6 77044A16 4 Bytes [28, F0, 9B, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtCreateFile + B 77044A1B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtMapViewOfSection + 6 77045076 4 Bytes [28, F3, 9B, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtMapViewOfSection + B 7704507B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenFile + 6 77045126 4 Bytes [68, F0, 9B, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenFile + B 7704512B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcess + 6 770451D6 4 Bytes [A8, F1, 9B, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcess + B 770451DB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcessToken + B 770451EB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcessTokenEx + 6 770451F6 4 Bytes [A8, F2, 9B, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcessTokenEx + B 770451FB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThread + 6 77045256 4 Bytes [68, F1, 9B, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThread + B 7704525B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThreadToken + 6 77045266 4 Bytes [68, F2, 9B, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThreadToken + B 7704526B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThreadTokenEx + B 7704527B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtQueryAttributesFile + 6 77045386 4 Bytes [A8, F0, 9B, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtQueryAttributesFile + B 7704538B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtQueryFullAttributesFile + B 7704543B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtSetInformationFile + 6 77045A86 4 Bytes [28, F1, 9B, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtSetInformationFile + B 77045A8B 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtSetInformationThread + 6 77045AE6 4 Bytes [28, F2, 9B, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtSetInformationThread + B 77045AEB 1 Byte [E2] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtUnmapViewOfSection + 6 77045E06 4 Bytes [68, F3, 9B, 00] .text C:\Users\Rafi\AppData\Local\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtUnmapViewOfSection + B 77045E0B 1 Byte [E2] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????????? ???????z?????z?z???????????????????????u?z?z?z?z?z????tr???z?z?z?z?z?z?z?|?z??81?? NOEXECUTE=OPTIN? SAFEBOOT:MINIMAL SOS BOOTLOG NOGUIBOOT BOOTLOGO???hdaudio\func_01&ven_1002&dev_aa01&subsys_00aa0100&rev_1002??????Realtek NDIS Protocol Driver??????????????H??????????????2??????RT??@%SystemRoot%\system32\tcpipcfg.dll,-50004??????usbport.inf_x86_neutral_ba59fa32fc6a596d????machine.inf_x86_neutral_65848c2d7375a720?????????????z???????z???????.???????????????????????????????????f?f?f?u?u?u?j???e??wstorflt.inf_x86_neutral_f91032fad599ad3e????m?u?u?u?u?u?u?u?u?v?u?v?v?v?v?v?v???y?z?z?z?z?z????ic???l?z?z?z?z?z?z?|?z??f_??acpi.inf_x86_neutral_ddd3c514822f1b21???8086 8092 8102 8112 8132 8176 8186 8224 8230 8246???a720??????@???????????????)?????@?????????????????????????????????????????????d??????5???????????.?.?/?/?/?/?/?/?/???????a?d?j?j?u???t???????u??320500??????@cpu.inf,%amdppm.devicedesc%;AMD Processor? in??@%systemroot%\system32\rascfg.dll,-32007????@%systemroot%\system32\rascfg.dll,-32007????@%s ---- Files - GMER 1.0.15 ---- File C:\Users\Rafi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0013e6 27475 bytes File C:\Users\Rafi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0010f3 21063 bytes File C:\Users\Rafi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0011dd 161573 bytes File C:\Users\Rafi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0011de 22884 bytes File C:\Users\Rafi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0011df 50070 bytes File C:\Users\Rafi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0011e0 80908 bytes File C:\Users\Rafi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0011e2 270284 bytes File C:\Users\Rafi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0011e3 33538 bytes File C:\Users\Rafi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0011e4 26576 bytes File C:\Users\Rafi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0011e5 22623 bytes File C:\Users\Rafi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0011e6 17726 bytes File C:\Users\Rafi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0011e7 119976 bytes File C:\Users\Rafi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0011e8 135347 bytes ---- EOF - GMER 1.0.15 ----