GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-07-25 10:53:24 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-7 ST500DM002-1BD142 rev.KC43 465,76GB Running: 7ypgyhep.exe; Driver: C:\Users\Herbar\AppData\Local\Temp\awrdypoc.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C45579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C69F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtCreateFile + 6 77114A16 4 Bytes [28, 5C, C6, 00] {SUB [ESI+EAX*8+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtCreateFile + B 77114A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtMapViewOfSection + 6 77115076 4 Bytes [28, 5F, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtMapViewOfSection + B 7711507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtOpenFile + 6 77115126 4 Bytes [68, 5C, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtOpenFile + B 7711512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtOpenProcess + 6 771151D6 4 Bytes [A8, 5D, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtOpenProcess + B 771151DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtOpenProcessToken + 6 771151E6 4 Bytes CALL 76121848 .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtOpenProcessToken + B 771151EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtOpenProcessTokenEx + 6 771151F6 4 Bytes [A8, 5E, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtOpenProcessTokenEx + B 771151FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtOpenThread + 6 77115256 4 Bytes [68, 5D, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtOpenThread + B 7711525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtOpenThreadToken + 6 77115266 4 Bytes [68, 5E, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtOpenThreadToken + B 7711526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtOpenThreadTokenEx + 6 77115276 4 Bytes CALL 761218D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtOpenThreadTokenEx + B 7711527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtQueryAttributesFile + 6 77115386 4 Bytes [A8, 5C, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtQueryAttributesFile + B 7711538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtQueryFullAttributesFile + 6 77115436 4 Bytes CALL 76121A97 .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtQueryFullAttributesFile + B 7711543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtSetInformationFile + 6 77115A86 4 Bytes [28, 5D, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtSetInformationFile + B 77115A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtSetInformationThread + 6 77115AE6 4 Bytes [28, 5E, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtSetInformationThread + B 77115AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtUnmapViewOfSection + 6 77115E06 4 Bytes [68, 5F, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[256] ntdll.dll!NtUnmapViewOfSection + B 77115E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtCreateFile + 6 77114A16 4 Bytes [28, 3C, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtCreateFile + B 77114A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtMapViewOfSection + 6 77115076 4 Bytes [28, 3F, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtMapViewOfSection + B 7711507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenFile + 6 77115126 4 Bytes [68, 3C, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenFile + B 7711512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenProcess + 6 771151D6 4 Bytes [A8, 3D, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenProcess + B 771151DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenProcessToken + 6 771151E6 4 Bytes CALL 76116028 .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenProcessToken + B 771151EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenProcessTokenEx + 6 771151F6 4 Bytes [A8, 3E, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenProcessTokenEx + B 771151FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenThread + 6 77115256 4 Bytes [68, 3D, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenThread + B 7711525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenThreadToken + 6 77115266 4 Bytes [68, 3E, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenThreadToken + B 7711526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenThreadTokenEx + 6 77115276 4 Bytes CALL 761160B9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenThreadTokenEx + B 7711527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtQueryAttributesFile + 6 77115386 4 Bytes [A8, 3C, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtQueryAttributesFile + B 7711538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtQueryFullAttributesFile + 6 77115436 4 Bytes CALL 76116277 .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtQueryFullAttributesFile + B 7711543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtSetInformationFile + 6 77115A86 4 Bytes [28, 3D, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtSetInformationFile + B 77115A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtSetInformationThread + 6 77115AE6 4 Bytes [28, 3E, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtSetInformationThread + B 77115AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtUnmapViewOfSection + 6 77115E06 4 Bytes [68, 3F, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtUnmapViewOfSection + B 77115E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtCreateFile + 6 77114A16 4 Bytes [28, A0, B1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtCreateFile + B 77114A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtMapViewOfSection + 6 77115076 4 Bytes [28, A3, B1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtMapViewOfSection + B 7711507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenFile + 6 77115126 4 Bytes [68, A0, B1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenFile + B 7711512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenProcess + 6 771151D6 4 Bytes [A8, A1, B1, 00] {TEST AL, 0xa1; MOV CL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenProcess + B 771151DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenProcessToken + 6 771151E6 4 Bytes CALL 7612038C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenProcessToken + B 771151EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenProcessTokenEx + 6 771151F6 4 Bytes [A8, A2, B1, 00] {TEST AL, 0xa2; MOV CL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenProcessTokenEx + B 771151FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenThread + 6 77115256 4 Bytes [68, A1, B1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenThread + B 7711525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenThreadToken + 6 77115266 4 Bytes [68, A2, B1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenThreadToken + B 7711526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenThreadTokenEx + 6 77115276 4 Bytes CALL 7612041D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenThreadTokenEx + B 7711527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtQueryAttributesFile + 6 77115386 4 Bytes [A8, A0, B1, 00] {TEST AL, 0xa0; MOV CL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtQueryAttributesFile + B 7711538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtQueryFullAttributesFile + 6 77115436 4 Bytes CALL 761205DB .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtQueryFullAttributesFile + B 7711543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtSetInformationFile + 6 77115A86 4 Bytes [28, A1, B1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtSetInformationFile + B 77115A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtSetInformationThread + 6 77115AE6 4 Bytes [28, A2, B1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtSetInformationThread + B 77115AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtUnmapViewOfSection + 6 77115E06 4 Bytes [68, A3, B1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtUnmapViewOfSection + B 77115E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtCreateFile + 6 77114A16 4 Bytes [28, DC, CD, 00] {SUB AH, BL; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtCreateFile + B 77114A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtMapViewOfSection + 6 77115076 4 Bytes [28, DF, CD, 00] {SUB BH, BL; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtMapViewOfSection + B 7711507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtOpenFile + 6 77115126 4 Bytes [68, DC, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtOpenFile + B 7711512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtOpenProcess + 6 771151D6 4 Bytes [A8, DD, CD, 00] {TEST AL, 0xdd; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtOpenProcess + B 771151DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtOpenProcessToken + 6 771151E6 4 Bytes CALL 76121FC8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtOpenProcessToken + B 771151EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtOpenProcessTokenEx + 6 771151F6 4 Bytes [A8, DE, CD, 00] {TEST AL, 0xde; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtOpenProcessTokenEx + B 771151FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtOpenThread + 6 77115256 4 Bytes [68, DD, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtOpenThread + B 7711525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtOpenThreadToken + 6 77115266 4 Bytes [68, DE, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtOpenThreadToken + B 7711526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtOpenThreadTokenEx + 6 77115276 4 Bytes CALL 76122059 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtOpenThreadTokenEx + B 7711527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtQueryAttributesFile + 6 77115386 4 Bytes [A8, DC, CD, 00] {TEST AL, 0xdc; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtQueryAttributesFile + B 7711538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtQueryFullAttributesFile + 6 77115436 4 Bytes CALL 76122217 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtQueryFullAttributesFile + B 7711543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtSetInformationFile + 6 77115A86 4 Bytes [28, DD, CD, 00] {SUB CH, BL; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtSetInformationFile + B 77115A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtSetInformationThread + 6 77115AE6 4 Bytes [28, DE, CD, 00] {SUB DH, BL; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtSetInformationThread + B 77115AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtUnmapViewOfSection + 6 77115E06 4 Bytes [68, DF, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1992] ntdll.dll!NtUnmapViewOfSection + B 77115E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtCreateFile + 6 77114A16 4 Bytes [28, 8C, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtCreateFile + B 77114A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtMapViewOfSection + 6 77115076 4 Bytes [28, 8F, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtMapViewOfSection + B 7711507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenFile + 6 77115126 4 Bytes [68, 8C, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenFile + B 7711512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcess + 6 771151D6 4 Bytes [A8, 8D, D8, 00] {TEST AL, 0x8d; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcess + B 771151DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcessToken + 6 771151E6 4 Bytes CALL 76122A78 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcessToken + B 771151EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcessTokenEx + 6 771151F6 4 Bytes [A8, 8E, D8, 00] {TEST AL, 0x8e; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcessTokenEx + B 771151FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThread + 6 77115256 4 Bytes [68, 8D, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThread + B 7711525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThreadToken + 6 77115266 4 Bytes [68, 8E, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThreadToken + B 7711526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThreadTokenEx + 6 77115276 4 Bytes CALL 76122B09 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThreadTokenEx + B 7711527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtQueryAttributesFile + 6 77115386 4 Bytes [A8, 8C, D8, 00] {TEST AL, 0x8c; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtQueryAttributesFile + B 7711538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtQueryFullAttributesFile + 6 77115436 4 Bytes CALL 76122CC7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtQueryFullAttributesFile + B 7711543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtSetInformationFile + 6 77115A86 4 Bytes [28, 8D, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtSetInformationFile + B 77115A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtSetInformationThread + 6 77115AE6 4 Bytes [28, 8E, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtSetInformationThread + B 77115AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtUnmapViewOfSection + 6 77115E06 4 Bytes [68, 8F, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtUnmapViewOfSection + B 77115E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtCreateFile + 6 77114A16 4 Bytes [28, BC, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtCreateFile + B 77114A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtMapViewOfSection + 6 77115076 4 Bytes [28, BF, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtMapViewOfSection + B 7711507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtOpenFile + 6 77115126 4 Bytes [68, BC, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtOpenFile + B 7711512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtOpenProcess + 6 771151D6 4 Bytes [A8, BD, 01, 01] {TEST AL, 0xbd; ADD [ECX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtOpenProcess + B 771151DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtOpenProcessToken + 6 771151E6 4 Bytes CALL 761253A8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtOpenProcessToken + B 771151EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtOpenProcessTokenEx + 6 771151F6 4 Bytes [A8, BE, 01, 01] {TEST AL, 0xbe; ADD [ECX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtOpenProcessTokenEx + B 771151FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtOpenThread + 6 77115256 4 Bytes [68, BD, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtOpenThread + B 7711525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtOpenThreadToken + 6 77115266 4 Bytes [68, BE, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtOpenThreadToken + B 7711526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtOpenThreadTokenEx + 6 77115276 4 Bytes CALL 76125439 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtOpenThreadTokenEx + B 7711527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtQueryAttributesFile + 6 77115386 4 Bytes [A8, BC, 01, 01] {TEST AL, 0xbc; ADD [ECX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtQueryAttributesFile + B 7711538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtQueryFullAttributesFile + 6 77115436 4 Bytes CALL 761255F7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtQueryFullAttributesFile + B 7711543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtSetInformationFile + 6 77115A86 4 Bytes [28, BD, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtSetInformationFile + B 77115A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtSetInformationThread + 6 77115AE6 4 Bytes [28, BE, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtSetInformationThread + B 77115AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtUnmapViewOfSection + 6 77115E06 4 Bytes [68, BF, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2072] ntdll.dll!NtUnmapViewOfSection + B 77115E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtCreateFile + 6 77114A16 4 Bytes [28, 24, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtCreateFile + B 77114A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtMapViewOfSection + 6 77115076 4 Bytes [28, 27, DE, 00] {SUB [EDI], AH; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtMapViewOfSection + B 7711507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenFile + 6 77115126 4 Bytes [68, 24, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenFile + B 7711512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcess + 6 771151D6 4 Bytes [A8, 25, DE, 00] {TEST AL, 0x25; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcess + B 771151DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessToken + 6 771151E6 4 Bytes CALL 76123010 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessToken + B 771151EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessTokenEx + 6 771151F6 4 Bytes [A8, 26, DE, 00] {TEST AL, 0x26; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessTokenEx + B 771151FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThread + 6 77115256 4 Bytes [68, 25, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThread + B 7711525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadToken + 6 77115266 4 Bytes [68, 26, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadToken + B 7711526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadTokenEx + 6 77115276 4 Bytes CALL 761230A1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadTokenEx + B 7711527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryAttributesFile + 6 77115386 4 Bytes [A8, 24, DE, 00] {TEST AL, 0x24; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryAttributesFile + B 7711538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryFullAttributesFile + 6 77115436 4 Bytes CALL 7612325F .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryFullAttributesFile + B 7711543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationFile + 6 77115A86 4 Bytes [28, 25, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationFile + B 77115A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationThread + 6 77115AE6 4 Bytes [28, 26, DE, 00] {SUB [ESI], AH; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationThread + B 77115AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtUnmapViewOfSection + 6 77115E06 4 Bytes [68, 27, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtUnmapViewOfSection + B 77115E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtCreateFile + 6 77114A16 4 Bytes [28, 98, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtCreateFile + B 77114A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtMapViewOfSection + 6 77115076 4 Bytes [28, 9B, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtMapViewOfSection + B 7711507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenFile + 6 77115126 4 Bytes [68, 98, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenFile + B 7711512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenProcess + 6 771151D6 4 Bytes [A8, 99, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenProcess + B 771151DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenProcessToken + 6 771151E6 4 Bytes CALL 76118084 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenProcessToken + B 771151EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenProcessTokenEx + 6 771151F6 4 Bytes [A8, 9A, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenProcessTokenEx + B 771151FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenThread + 6 77115256 4 Bytes [68, 99, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenThread + B 7711525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenThreadToken + 6 77115266 4 Bytes [68, 9A, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenThreadToken + B 7711526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenThreadTokenEx + 6 77115276 4 Bytes CALL 76118115 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenThreadTokenEx + B 7711527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtQueryAttributesFile + 6 77115386 4 Bytes [A8, 98, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtQueryAttributesFile + B 7711538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtQueryFullAttributesFile + 6 77115436 4 Bytes CALL 761182D3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtQueryFullAttributesFile + B 7711543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtSetInformationFile + 6 77115A86 4 Bytes [28, 99, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtSetInformationFile + B 77115A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtSetInformationThread + 6 77115AE6 4 Bytes [28, 9A, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtSetInformationThread + B 77115AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtUnmapViewOfSection + 6 77115E06 4 Bytes [68, 9B, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtUnmapViewOfSection + B 77115E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtCreateFile + 6 77114A16 4 Bytes [28, 8C, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtCreateFile + B 77114A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtMapViewOfSection + 6 77115076 4 Bytes [28, 8F, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtMapViewOfSection + B 7711507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtOpenFile + 6 77115126 4 Bytes [68, 8C, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtOpenFile + B 7711512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtOpenProcess + 6 771151D6 4 Bytes [A8, 8D, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtOpenProcess + B 771151DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtOpenProcessToken + 6 771151E6 4 Bytes CALL 76124878 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtOpenProcessToken + B 771151EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtOpenProcessTokenEx + 6 771151F6 4 Bytes [A8, 8E, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtOpenProcessTokenEx + B 771151FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtOpenThread + 6 77115256 4 Bytes [68, 8D, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtOpenThread + B 7711525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtOpenThreadToken + 6 77115266 4 Bytes [68, 8E, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtOpenThreadToken + B 7711526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtOpenThreadTokenEx + 6 77115276 4 Bytes CALL 76124909 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtOpenThreadTokenEx + B 7711527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtQueryAttributesFile + 6 77115386 4 Bytes [A8, 8C, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtQueryAttributesFile + B 7711538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtQueryFullAttributesFile + 6 77115436 4 Bytes CALL 76124AC7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtQueryFullAttributesFile + B 7711543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtSetInformationFile + 6 77115A86 4 Bytes [28, 8D, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtSetInformationFile + B 77115A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtSetInformationThread + 6 77115AE6 4 Bytes [28, 8E, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtSetInformationThread + B 77115AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtUnmapViewOfSection + 6 77115E06 4 Bytes [68, 8F, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2448] ntdll.dll!NtUnmapViewOfSection + B 77115E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtCreateFile + 6 77114A16 4 Bytes [28, C8, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtCreateFile + B 77114A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtMapViewOfSection + 6 77115076 4 Bytes [28, CB, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtMapViewOfSection + B 7711507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenFile + 6 77115126 4 Bytes [68, C8, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenFile + B 7711512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenProcess + 6 771151D6 4 Bytes [A8, C9, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenProcess + B 771151DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenProcessToken + 6 771151E6 4 Bytes CALL 7611B9B4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenProcessToken + B 771151EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenProcessTokenEx + 6 771151F6 4 Bytes [A8, CA, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenProcessTokenEx + B 771151FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenThread + 6 77115256 4 Bytes [68, C9, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenThread + B 7711525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenThreadToken + 6 77115266 4 Bytes [68, CA, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenThreadToken + B 7711526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenThreadTokenEx + 6 77115276 4 Bytes CALL 7611BA45 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenThreadTokenEx + B 7711527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtQueryAttributesFile + 6 77115386 4 Bytes [A8, C8, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtQueryAttributesFile + B 7711538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtQueryFullAttributesFile + 6 77115436 4 Bytes CALL 7611BC03 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtQueryFullAttributesFile + B 7711543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtSetInformationFile + 6 77115A86 4 Bytes [28, C9, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtSetInformationFile + B 77115A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtSetInformationThread + 6 77115AE6 4 Bytes [28, CA, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtSetInformationThread + B 77115AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtUnmapViewOfSection + 6 77115E06 4 Bytes [68, CB, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtUnmapViewOfSection + B 77115E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtCreateFile + 6 77114A16 4 Bytes [28, 48, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtCreateFile + B 77114A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtMapViewOfSection + 6 77115076 4 Bytes [28, 4B, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtMapViewOfSection + B 7711507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenFile + 6 77115126 4 Bytes [68, 48, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenFile + B 7711512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcess + 6 771151D6 4 Bytes [A8, 49, E7, 00] {TEST AL, 0x49; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcess + B 771151DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessToken + 6 771151E6 4 Bytes CALL 76123934 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessToken + B 771151EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessTokenEx + 6 771151F6 4 Bytes [A8, 4A, E7, 00] {TEST AL, 0x4a; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessTokenEx + B 771151FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThread + 6 77115256 4 Bytes [68, 49, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThread + B 7711525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadToken + 6 77115266 4 Bytes [68, 4A, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadToken + B 7711526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadTokenEx + 6 77115276 4 Bytes CALL 761239C5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadTokenEx + B 7711527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryAttributesFile + 6 77115386 4 Bytes [A8, 48, E7, 00] {TEST AL, 0x48; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryAttributesFile + B 7711538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryFullAttributesFile + 6 77115436 4 Bytes CALL 76123B83 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryFullAttributesFile + B 7711543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationFile + 6 77115A86 4 Bytes [28, 49, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationFile + B 77115A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationThread + 6 77115AE6 4 Bytes [28, 4A, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationThread + B 77115AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtUnmapViewOfSection + 6 77115E06 4 Bytes [68, 4B, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtUnmapViewOfSection + B 77115E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtCreateFile + 6 77114A16 4 Bytes [28, 64, 2B, 00] {SUB [EBX+EBP+0x0], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtCreateFile + B 77114A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtMapViewOfSection + 6 77115076 4 Bytes [28, 67, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtMapViewOfSection + B 7711507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenFile + 6 77115126 4 Bytes [68, 64, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenFile + B 7711512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcess + 6 771151D6 4 Bytes [A8, 65, 2B, 00] {TEST AL, 0x65; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcess + B 771151DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessToken + 6 771151E6 4 Bytes CALL 76117D50 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessToken + B 771151EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessTokenEx + 6 771151F6 4 Bytes [A8, 66, 2B, 00] {TEST AL, 0x66; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessTokenEx + B 771151FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThread + 6 77115256 4 Bytes [68, 65, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThread + B 7711525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadToken + 6 77115266 4 Bytes [68, 66, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadToken + B 7711526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadTokenEx + 6 77115276 4 Bytes CALL 76117DE1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadTokenEx + B 7711527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryAttributesFile + 6 77115386 4 Bytes [A8, 64, 2B, 00] {TEST AL, 0x64; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryAttributesFile + B 7711538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryFullAttributesFile + 6 77115436 4 Bytes CALL 76117F9F .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryFullAttributesFile + B 7711543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationFile + 6 77115A86 4 Bytes [28, 65, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationFile + B 77115A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationThread + 6 77115AE6 4 Bytes [28, 66, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationThread + B 77115AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + 6 77115E06 4 Bytes [68, 67, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + B 77115E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtCreateFile + 6 77114A16 4 Bytes [28, C0, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtCreateFile + B 77114A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtMapViewOfSection + 6 77115076 4 Bytes [28, C3, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtMapViewOfSection + B 7711507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenFile + 6 77115126 4 Bytes [68, C0, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenFile + B 7711512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcess + 6 771151D6 4 Bytes [A8, C1, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcess + B 771151DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcessToken + 6 771151E6 4 Bytes CALL 761160AC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcessToken + B 771151EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcessTokenEx + 6 771151F6 4 Bytes [A8, C2, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcessTokenEx + B 771151FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThread + 6 77115256 4 Bytes [68, C1, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThread + B 7711525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThreadToken + 6 77115266 4 Bytes [68, C2, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThreadToken + B 7711526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThreadTokenEx + 6 77115276 4 Bytes CALL 7611613D .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThreadTokenEx + B 7711527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtQueryAttributesFile + 6 77115386 4 Bytes [A8, C0, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtQueryAttributesFile + B 7711538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtQueryFullAttributesFile + 6 77115436 4 Bytes CALL 761162FB .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtQueryFullAttributesFile + B 7711543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtSetInformationFile + 6 77115A86 4 Bytes [28, C1, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtSetInformationFile + B 77115A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtSetInformationThread + 6 77115AE6 4 Bytes [28, C2, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtSetInformationThread + B 77115AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtUnmapViewOfSection + 6 77115E06 4 Bytes [68, C3, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtUnmapViewOfSection + B 77115E0B 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ----