GMER 2.1.19155 - http://www.gmer.net Rootkit scan 2013-03-06 21:31:30 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000079 WDC_WD16 rev.12.0 149,05GB Running: f94slj2u.exe; Driver: C:\Users\Ilona\AppData\Local\Temp\uwdiqpog.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 830879E9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C11C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? System32\Drivers\spjz.sys Le chemin d’accès spécifié est introuvable. ! ---- User code sections - GMER 2.1 ---- .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, 98, 85, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, 9B, 85, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, 98, 85, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, 99, 85, 00] {TEST AL, 0x99; TEST [EAX], EAX} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F0E33C C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, 9A, 85, 00] {TEST AL, 0x9a; TEST [EAX], EAX} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, 99, 85, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, 9A, 85, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F0E3CD C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, 98, 85, 00] {TEST AL, 0x98; TEST [EAX], EAX} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F0E58B C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, 99, 85, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, 9A, 85, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, 9B, 85, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, 3C, D3, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, 3F, D3, 00] {SUB [EDI], BH; ROL [EAX], CL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, 3C, D3, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, 3D, D3, 00] {TEST AL, 0x3d; ROL [EAX], CL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F130E0 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, 3E, D3, 00] {TEST AL, 0x3e; ROL [EAX], CL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, 3D, D3, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, 3E, D3, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F13171 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, 3C, D3, 00] {TEST AL, 0x3c; ROL [EAX], CL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F1332F C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, 3D, D3, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, 3E, D3, 00] {SUB [ESI], BH; ROL [EAX], CL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, 3F, D3, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, 14, 32, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, 17, 32, 00] {SUB [EDI], DL; XOR AL, [EAX]} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, 14, 32, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, 15, 32, 00] {TEST AL, 0x15; XOR AL, [EAX]} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F08FB8 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, 16, 32, 00] {TEST AL, 0x16; XOR AL, [EAX]} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, 15, 32, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, 16, 32, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F09049 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, 14, 32, 00] {TEST AL, 0x14; XOR AL, [EAX]} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F09207 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, 15, 32, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, 16, 32, 00] {SUB [ESI], DL; XOR AL, [EAX]} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, 17, 32, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, 30, 95, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, 33, 95, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, 30, 95, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, 31, 95, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F0F2D4 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, 32, 95, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, 31, 95, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, 32, 95, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F0F365 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, 30, 95, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F0F523 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, 31, 95, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, 32, 95, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, 33, 95, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, 5C, 1C, 00] {SUB [ESP+EBX+0x0], BL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, 5F, 1C, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, 5C, 1C, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, 5D, 1C, 00] {TEST AL, 0x5d; SBB AL, 0x0} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F07A00 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, 5E, 1C, 00] {TEST AL, 0x5e; SBB AL, 0x0} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, 5D, 1C, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, 5E, 1C, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F07A91 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, 5C, 1C, 00] {TEST AL, 0x5c; SBB AL, 0x0} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F07C4F C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, 5D, 1C, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, 5E, 1C, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, 5F, 1C, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, 80, E0, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, 83, E0, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, 80, E0, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, 81, E0, 00] {TEST AL, 0x81; LOOPNZ 0x4} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F13E24 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, 82, E0, 00] {TEST AL, 0x82; LOOPNZ 0x4} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, 81, E0, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, 82, E0, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F13EB5 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, 80, E0, 00] {TEST AL, 0x80; LOOPNZ 0x4} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F14073 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, 81, E0, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, 82, E0, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, 83, E0, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, 24, 8E, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, 27, 8E, 00] {SUB [EDI], AH; MOV ES, [EAX]} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, 24, 8E, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, 25, 8E, 00] {TEST AL, 0x25; MOV ES, [EAX]} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F0EBC8 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, 26, 8E, 00] {TEST AL, 0x26; MOV ES, [EAX]} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, 25, 8E, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, 26, 8E, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F0EC59 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, 24, 8E, 00] {TEST AL, 0x24; MOV ES, [EAX]} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F0EE17 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, 25, 8E, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, 26, 8E, 00] {SUB [ESI], AH; MOV ES, [EAX]} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, 27, 8E, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3180] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, 3C, A7, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, 3F, A7, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, 3C, A7, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, 3D, A7, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F104E0 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, 3E, A7, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, 3D, A7, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, 3E, A7, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F10571 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, 3C, A7, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F1072F C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, 3D, A7, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, 3E, A7, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, 3F, A7, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, 8C, D5, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, 8F, D5, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, 8C, D5, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, 8D, D5, 00] {TEST AL, 0x8d; AAD 0x0} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F13330 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, 8E, D5, 00] {TEST AL, 0x8e; AAD 0x0} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, 8D, D5, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, 8E, D5, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F133C1 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, 8C, D5, 00] {TEST AL, 0x8c; AAD 0x0} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F1357F C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, 8D, D5, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, 8E, D5, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, 8F, D5, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, F4, E2, 00] {SUB AH, DH; LOOP 0x4} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, F7, E2, 00] {SUB BH, DH; LOOP 0x4} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, F4, E2, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, F5, E2, 00] {TEST AL, 0xf5; LOOP 0x4} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F14098 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, F6, E2, 00] {TEST AL, 0xf6; LOOP 0x4} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, F5, E2, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, F6, E2, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F14129 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, F4, E2, 00] {TEST AL, 0xf4; LOOP 0x4} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F142E7 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, F5, E2, 00] {SUB CH, DH; LOOP 0x4} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, F6, E2, 00] {SUB DH, DH; LOOP 0x4} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, F7, E2, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, 28, 18, 00] {SUB [EAX], CH; SBB [EAX], AL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, 2B, 18, 00] {SUB [EBX], CH; SBB [EAX], AL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, 28, 18, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, 29, 18, 00] {TEST AL, 0x29; SBB [EAX], AL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F075CC C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, 2A, 18, 00] {TEST AL, 0x2a; SBB [EAX], AL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, 29, 18, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, 2A, 18, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F0765D C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, 28, 18, 00] {TEST AL, 0x28; SBB [EAX], AL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F0781B C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, 29, 18, 00] {SUB [ECX], CH; SBB [EAX], AL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, 2A, 18, 00] {SUB [EDX], CH; SBB [EAX], AL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, 2B, 18, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, F0, 38, 00] {SUB AL, DH; CMP [EAX], AL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, F3, 38, 00] {SUB BL, DH; CMP [EAX], AL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, F0, 38, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, F1, 38, 00] {TEST AL, 0xf1; CMP [EAX], AL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F09694 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, F2, 38, 00] {TEST AL, 0xf2; CMP [EAX], AL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, F1, 38, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, F2, 38, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F09725 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, F0, 38, 00] {TEST AL, 0xf0; CMP [EAX], AL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F098E3 C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, F1, 38, 00] {SUB CL, DH; CMP [EAX], AL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, F2, 38, 00] {SUB DL, DH; CMP [EAX], AL} .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, F3, 38, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, 18, 0F, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, 1B, 0F, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, 18, 0F, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, 19, 0F, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F06CBC C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, 1A, 0F, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, 19, 0F, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, 1A, 0F, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F06D4D C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, 18, 0F, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F06F0B C:\Windows\system32\SHELL32.dll .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, 19, 0F, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, 1A, 0F, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, 1B, 0F, 00] .text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 850BB1F8 Device \FileSystem\fastfat \FatCdrom 8646E500 Device \Driver\volmgr \Device\VolMgrControl 850B51F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{93ECBD7A-A717-43E3-AA16-B72B45745D86} 8618C500 Device \Driver\usbohci \Device\USBPDO-0 863FA1F8 Device \Driver\usbehci \Device\USBPDO-1 863FC1F8 Device \Driver\usbohci \Device\USBPDO-2 863FA1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{ECFDFB65-005D-4DEE-B424-A948C7D65B18} 8618C500 Device \Driver\volmgr \Device\HarddiskVolume1 850B51F8 Device \Driver\volmgr \Device\HarddiskVolume2 850B51F8 Device \Driver\volmgr \Device\HarddiskVolume3 850B51F8 Device \Driver\volmgr \Device\HarddiskVolume4 850B51F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8618C500 Device \Driver\nvstor32 \Device\00000079 850B91F8 Device \Driver\BTHUSB \Device\00000085 bthport.sys Device \Driver\BTHUSB \Device\00000087 bthport.sys Device \Driver\nvstor32 \Device\RaidPort0 850B91F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{FABB0E05-9EE7-4D00-A723-95BAB5DED6EF} 8618C500 Device \Driver\usbohci \Device\USBFDO-0 863FA1F8 Device \Driver\usbehci \Device\USBFDO-1 863FC1F8 Device \Driver\usbohci \Device\USBFDO-2 863FA1F8 Device \Driver\usbehci \Device\USBFDO-3 863FC1F8 Device \FileSystem\fastfat \Fat 8646E500 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll NNSHttp.sys NNSStrm.sys >>UNKNOWN [0x850b91f8]<< 850b91f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86058030] 86058030 Trace 3 CLASSPNP.SYS[88d7559e] -> nt!IofCallDriver -> [0x85f6e700] 85f6e700 Trace 5 ACPI.sys[837bd3d4] -> nt!IofCallDriver -> \Device\00000079[0x85f6e030] 85f6e030 Trace \Driver\nvstor32[0x85de8a40] -> IRP_MJ_CREATE -> 0x850b91f8 850b91f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00271373aa4a Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x13 0xE8 0xB8 0xB9 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00271373aa4a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x13 0xE8 0xB8 0xB9 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----