GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-11-02 08:13:20 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB Running: gmer.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\ugloipow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x926798E6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x9262A1A0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x9262A3D2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x92629F9A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x9267C3F4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSymbolicLinkObject [0x9263D9A0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x9267B830] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x9267B41C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x9261AAA6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x92679A28] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x92679554] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x9263D9C0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x9267AFAA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x9267C624] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x9267B57C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwPlugPlayControl [0x9263D9B0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x9267C05E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x9262A2A6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x9267BD7A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x9262A09A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x9267BEE0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x9261AEC0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x9267988C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x9267B158] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x9267BC1A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x9261AED2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x9267B2BE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x9267B726] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x9267C72C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x9267C4B6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x9267BA70] SSDT \SystemRoot\system32\ntkrnlpa.exe ZwCreateKey [0x83612FEC] SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [83612FEC] ZwCreateKey [0x83612FEC] SSDT \SystemRoot\system32\ntkrnlpa.exe ZwOpenKey [0x83612FF1] SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [83612FF1] ZwOpenKey [0x83612FF1] INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 83612FFB ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 119 836BE764 4 Bytes [E6, 98, 67, 92] {OUT 0x98, AL; XCHG EDX, EAX} .text ntkrnlpa.exe!KeSetEvent + 13D 836BE788 4 Bytes [A0, A1, 62, 92] .text ntkrnlpa.exe!KeSetEvent + 181 836BE7CC 4 Bytes [D2, A3, 62, 92] .text ntkrnlpa.exe!KeSetEvent + 1C1 836BE80C 4 Bytes [9A, 9F, 62, 92] .text ntkrnlpa.exe!KeSetEvent + 1E9 836BE834 3 Bytes [EC, 2F, 61] {IN AL, DX; DAS ; POPA } .text ... .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F208340, 0x3FC377, 0xE8000020] .text C:\Windows\system32\drivers\aksfridge.sys section is writeable [0xA400B000, 0x48E1C, 0xE0000020] .init C:\Windows\system32\drivers\aksfridge.sys entry point in ".init" section [0xA4061224] .init C:\Windows\system32\drivers\aksfridge.sys unknown last code section [0xA4061000, 0x4000, 0xE20000E0] .text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xA4065400, 0x6EB98, 0xE8000020] .protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA40EFC20] C:\Windows\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA40EFC20] .protect˙˙˙˙hardlockunknown last code section [0xA40EFA00, 0x50CA, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xA40EFA00, 0x50CA, 0xE0000020] ---- User code sections - GMER 2.1 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[748] C:\Windows\system32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[748] ntdll.dll!NtProtectVirtualMemory 779D4BC4 5 Bytes JMP 72F21D67 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ushata.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[748] C:\Windows\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[748] USER32.dll!SetScrollInfo + 6A8 77617880 4 Bytes [7D, 24, F2, 72] .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[748] USER32.dll!SetScrollInfo + 7A8 77617980 4 Bytes [8D, 2D, F2, 72] ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[748] C:\Windows\system32\ole32.dll time/date stamp mismatch; unknown module: MPR.dllunknown module: msiltcfg.dllunknown module: CLBCatQ.DLLunknown module: OLEAUT32.dllunknown module: imagehlp.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtCreateFile + 6 779D426A 4 Bytes [28, C0, A8, 00] {SUB AL, AL; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtCreateFile + B 779D426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtMapViewOfSection + 6 779D49BA 4 Bytes [28, C3, A8, 00] {SUB BL, AL; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtMapViewOfSection + B 779D49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenFile + 6 779D4A4A 4 Bytes [68, C0, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenFile + B 779D4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcess + 6 779D4ACA 4 Bytes [A8, C1, A8, 00] {TEST AL, 0xc1; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcess + B 779D4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcessToken + B 779D4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcessTokenEx + 6 779D4AEA 4 Bytes [A8, C2, A8, 00] {TEST AL, 0xc2; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenProcessTokenEx + B 779D4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThread + 6 779D4B3A 4 Bytes [68, C1, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThread + B 779D4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThreadToken + 6 779D4B4A 4 Bytes [68, C2, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThreadToken + B 779D4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtOpenThreadTokenEx + B 779D4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtQueryAttributesFile + 6 779D4BEA 4 Bytes [A8, C0, A8, 00] {TEST AL, 0xc0; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtQueryAttributesFile + B 779D4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtQueryFullAttributesFile + B 779D4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtSetInformationFile + 6 779D517A 4 Bytes [28, C1, A8, 00] {SUB CL, AL; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtSetInformationFile + B 779D517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtSetInformationThread + 6 779D51CA 4 Bytes [28, C2, A8, 00] {SUB DL, AL; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtSetInformationThread + B 779D51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtUnmapViewOfSection + 6 779D546A 4 Bytes [68, C3, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1244] ntdll.dll!NtUnmapViewOfSection + B 779D546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtCreateFile + 6 779D426A 4 Bytes [28, D4, DA, 00] {SUB AH, DL; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtCreateFile + B 779D426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtMapViewOfSection + 6 779D49BA 4 Bytes [28, D7, DA, 00] {SUB BH, DL; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtMapViewOfSection + B 779D49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenFile + 6 779D4A4A 4 Bytes [68, D4, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenFile + B 779D4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcess + 6 779D4ACA 4 Bytes [A8, D5, DA, 00] {TEST AL, 0xd5; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcess + B 779D4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcessToken + B 779D4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcessTokenEx + 6 779D4AEA 4 Bytes [A8, D6, DA, 00] {TEST AL, 0xd6; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcessTokenEx + B 779D4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThread + 6 779D4B3A 4 Bytes [68, D5, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThread + B 779D4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThreadToken + 6 779D4B4A 4 Bytes [68, D6, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThreadToken + B 779D4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThreadTokenEx + B 779D4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtQueryAttributesFile + 6 779D4BEA 4 Bytes [A8, D4, DA, 00] {TEST AL, 0xd4; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtQueryAttributesFile + B 779D4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtQueryFullAttributesFile + B 779D4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtSetInformationFile + 6 779D517A 4 Bytes [28, D5, DA, 00] {SUB CH, DL; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtSetInformationFile + B 779D517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtSetInformationThread + 6 779D51CA 4 Bytes [28, D6, DA, 00] {SUB DH, DL; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtSetInformationThread + B 779D51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtUnmapViewOfSection + 6 779D546A 4 Bytes [68, D7, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtUnmapViewOfSection + B 779D546F 1 Byte [E2] ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[2600] C:\Windows\system32\kernel32.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[2600] C:\Windows\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[2600] USER32.dll!SetScrollInfo + 6A8 77617880 4 Bytes [7D, 24, F2, 72] .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[2600] USER32.dll!SetScrollInfo + 7A8 77617980 4 Bytes [8D, 2D, F2, 72] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtCreateFile + 6 779D426A 4 Bytes [28, 4C, 1C, 00] {SUB [ESP+EBX+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtCreateFile + B 779D426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtMapViewOfSection + 6 779D49BA 4 Bytes [28, 4F, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtMapViewOfSection + B 779D49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenFile + 6 779D4A4A 4 Bytes [68, 4C, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenFile + B 779D4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenProcess + 6 779D4ACA 4 Bytes [A8, 4D, 1C, 00] {TEST AL, 0x4d; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenProcess + B 779D4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenProcessToken + B 779D4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenProcessTokenEx + 6 779D4AEA 4 Bytes [A8, 4E, 1C, 00] {TEST AL, 0x4e; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenProcessTokenEx + B 779D4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenThread + 6 779D4B3A 4 Bytes [68, 4D, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenThread + B 779D4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenThreadToken + 6 779D4B4A 4 Bytes [68, 4E, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenThreadToken + B 779D4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenThreadTokenEx + B 779D4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtQueryAttributesFile + 6 779D4BEA 4 Bytes [A8, 4C, 1C, 00] {TEST AL, 0x4c; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtQueryAttributesFile + B 779D4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtQueryFullAttributesFile + B 779D4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtSetInformationFile + 6 779D517A 4 Bytes [28, 4D, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtSetInformationFile + B 779D517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtSetInformationThread + 6 779D51CA 4 Bytes [28, 4E, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtSetInformationThread + B 779D51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtUnmapViewOfSection + 6 779D546A 4 Bytes [68, 4F, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtUnmapViewOfSection + B 779D546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtCreateFile + 6 779D426A 4 Bytes [28, 24, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtCreateFile + B 779D426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtMapViewOfSection + 6 779D49BA 4 Bytes [28, 27, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtMapViewOfSection + B 779D49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenFile + 6 779D4A4A 4 Bytes [68, 24, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenFile + B 779D4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcess + 6 779D4ACA 4 Bytes [A8, 25, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcess + B 779D4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessToken + B 779D4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessTokenEx + 6 779D4AEA 4 Bytes [A8, 26, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessTokenEx + B 779D4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThread + 6 779D4B3A 4 Bytes [68, 25, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThread + B 779D4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadToken + 6 779D4B4A 4 Bytes [68, 26, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadToken + B 779D4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadTokenEx + B 779D4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryAttributesFile + 6 779D4BEA 4 Bytes [A8, 24, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryAttributesFile + B 779D4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryFullAttributesFile + B 779D4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationFile + 6 779D517A 4 Bytes [28, 25, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationFile + B 779D517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationThread + 6 779D51CA 4 Bytes [28, 26, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationThread + B 779D51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtUnmapViewOfSection + 6 779D546A 4 Bytes [68, 27, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtUnmapViewOfSection + B 779D546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtCreateFile + 6 779D426A 4 Bytes [28, 4C, 0F, 00] {SUB [EDI+ECX+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtCreateFile + B 779D426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtMapViewOfSection + 6 779D49BA 4 Bytes [28, 4F, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtMapViewOfSection + B 779D49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenFile + 6 779D4A4A 4 Bytes [68, 4C, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenFile + B 779D4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcess + 6 779D4ACA 4 Bytes [A8, 4D, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcess + B 779D4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcessToken + B 779D4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcessTokenEx + 6 779D4AEA 4 Bytes [A8, 4E, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcessTokenEx + B 779D4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThread + 6 779D4B3A 4 Bytes [68, 4D, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThread + B 779D4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThreadToken + 6 779D4B4A 4 Bytes [68, 4E, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThreadToken + B 779D4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThreadTokenEx + B 779D4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtQueryAttributesFile + 6 779D4BEA 4 Bytes [A8, 4C, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtQueryAttributesFile + B 779D4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtQueryFullAttributesFile + B 779D4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtSetInformationFile + 6 779D517A 4 Bytes [28, 4D, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtSetInformationFile + B 779D517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtSetInformationThread + 6 779D51CA 4 Bytes [28, 4E, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtSetInformationThread + B 779D51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtUnmapViewOfSection + 6 779D546A 4 Bytes [68, 4F, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtUnmapViewOfSection + B 779D546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtCreateFile + 6 779D426A 4 Bytes [28, D0, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtCreateFile + B 779D426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtMapViewOfSection + 6 779D49BA 4 Bytes [28, D3, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtMapViewOfSection + B 779D49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenFile + 6 779D4A4A 4 Bytes [68, D0, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenFile + B 779D4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcess + 6 779D4ACA 4 Bytes [A8, D1, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcess + B 779D4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcessToken + B 779D4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcessTokenEx + 6 779D4AEA 4 Bytes [A8, D2, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcessTokenEx + B 779D4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThread + 6 779D4B3A 4 Bytes [68, D1, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThread + B 779D4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThreadToken + 6 779D4B4A 4 Bytes [68, D2, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThreadToken + B 779D4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThreadTokenEx + B 779D4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtQueryAttributesFile + 6 779D4BEA 4 Bytes [A8, D0, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtQueryAttributesFile + B 779D4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtQueryFullAttributesFile + B 779D4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationFile + 6 779D517A 4 Bytes [28, D1, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationFile + B 779D517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationThread + 6 779D51CA 4 Bytes [28, D2, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationThread + B 779D51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtUnmapViewOfSection + 6 779D546A 4 Bytes [68, D3, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtUnmapViewOfSection + B 779D546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtCreateFile + 6 779D426A 4 Bytes [28, A4, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtCreateFile + B 779D426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtMapViewOfSection + 6 779D49BA 4 Bytes [28, A7, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtMapViewOfSection + B 779D49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtOpenFile + 6 779D4A4A 4 Bytes [68, A4, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtOpenFile + B 779D4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtOpenProcess + 6 779D4ACA 4 Bytes [A8, A5, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtOpenProcess + B 779D4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtOpenProcessToken + B 779D4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtOpenProcessTokenEx + 6 779D4AEA 4 Bytes [A8, A6, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtOpenProcessTokenEx + B 779D4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtOpenThread + 6 779D4B3A 4 Bytes [68, A5, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtOpenThread + B 779D4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtOpenThreadToken + 6 779D4B4A 4 Bytes [68, A6, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtOpenThreadToken + B 779D4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtOpenThreadTokenEx + B 779D4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtQueryAttributesFile + 6 779D4BEA 4 Bytes [A8, A4, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtQueryAttributesFile + B 779D4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtQueryFullAttributesFile + B 779D4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtSetInformationFile + 6 779D517A 4 Bytes [28, A5, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtSetInformationFile + B 779D517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtSetInformationThread + 6 779D51CA 4 Bytes [28, A6, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtSetInformationThread + B 779D51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtUnmapViewOfSection + 6 779D546A 4 Bytes [68, A7, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4696] ntdll.dll!NtUnmapViewOfSection + B 779D546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtCreateFile + 6 779D426A 4 Bytes [28, A0, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtCreateFile + B 779D426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtMapViewOfSection + 6 779D49BA 4 Bytes [28, A3, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtMapViewOfSection + B 779D49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenFile + 6 779D4A4A 4 Bytes [68, A0, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenFile + B 779D4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenProcess + 6 779D4ACA 4 Bytes [A8, A1, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenProcess + B 779D4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenProcessToken + B 779D4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenProcessTokenEx + 6 779D4AEA 4 Bytes [A8, A2, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenProcessTokenEx + B 779D4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenThread + 6 779D4B3A 4 Bytes [68, A1, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenThread + B 779D4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenThreadToken + 6 779D4B4A 4 Bytes [68, A2, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenThreadToken + B 779D4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenThreadTokenEx + B 779D4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtQueryAttributesFile + 6 779D4BEA 4 Bytes [A8, A0, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtQueryAttributesFile + B 779D4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtQueryFullAttributesFile + B 779D4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtSetInformationFile + 6 779D517A 4 Bytes [28, A1, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtSetInformationFile + B 779D517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtSetInformationThread + 6 779D51CA 4 Bytes [28, A2, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtSetInformationThread + B 779D51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtUnmapViewOfSection + 6 779D546A 4 Bytes [68, A3, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtUnmapViewOfSection + B 779D546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtCreateFile + 6 779D426A 4 Bytes [28, 40, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtCreateFile + B 779D426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtMapViewOfSection + 6 779D49BA 4 Bytes [28, 43, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtMapViewOfSection + B 779D49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenFile + 6 779D4A4A 4 Bytes [68, 40, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenFile + B 779D4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcess + 6 779D4ACA 4 Bytes [A8, 41, B3, 00] {TEST AL, 0x41; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcess + B 779D4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessToken + B 779D4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessTokenEx + 6 779D4AEA 4 Bytes [A8, 42, B3, 00] {TEST AL, 0x42; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessTokenEx + B 779D4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThread + 6 779D4B3A 4 Bytes [68, 41, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThread + B 779D4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadToken + 6 779D4B4A 4 Bytes [68, 42, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadToken + B 779D4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadTokenEx + B 779D4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryAttributesFile + 6 779D4BEA 4 Bytes [A8, 40, B3, 00] {TEST AL, 0x40; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryAttributesFile + B 779D4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryFullAttributesFile + B 779D4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationFile + 6 779D517A 4 Bytes [28, 41, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationFile + B 779D517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationThread + 6 779D51CA 4 Bytes [28, 42, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationThread + B 779D51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtUnmapViewOfSection + 6 779D546A 4 Bytes [68, 43, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtUnmapViewOfSection + B 779D546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateFile + 6 779D426A 4 Bytes [28, 78, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateFile + B 779D426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection + 6 779D49BA 4 Bytes [28, 7B, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection + B 779D49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenFile + 6 779D4A4A 4 Bytes [68, 78, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenFile + B 779D4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcess + 6 779D4ACA 4 Bytes [A8, 79, E7, 00] {TEST AL, 0x79; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcess + B 779D4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessToken + B 779D4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessTokenEx + 6 779D4AEA 4 Bytes [A8, 7A, E7, 00] {TEST AL, 0x7a; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessTokenEx + B 779D4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThread + 6 779D4B3A 4 Bytes [68, 79, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThread + B 779D4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadToken + 6 779D4B4A 4 Bytes [68, 7A, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadToken + B 779D4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadTokenEx + B 779D4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryAttributesFile + 6 779D4BEA 4 Bytes [A8, 78, E7, 00] {TEST AL, 0x78; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryAttributesFile + B 779D4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryFullAttributesFile + B 779D4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationFile + 6 779D517A 4 Bytes [28, 79, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationFile + B 779D517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationThread + 6 779D51CA 4 Bytes [28, 7A, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationThread + B 779D51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection + 6 779D546A 4 Bytes [68, 7B, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection + B 779D546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtCreateFile + 6 779D426A 4 Bytes [28, 00, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtCreateFile + B 779D426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtMapViewOfSection + 6 779D49BA 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtMapViewOfSection + 6 779D49BA 4 Bytes [28, 03, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtMapViewOfSection + B 779D49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenFile + 6 779D4A4A 4 Bytes [68, 00, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenFile + B 779D4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenProcess + 6 779D4ACA 4 Bytes [A8, 01, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenProcess + B 779D4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenProcessToken + B 779D4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenProcessTokenEx + 6 779D4AEA 4 Bytes [A8, 02, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenProcessTokenEx + B 779D4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenThread + 6 779D4B3A 4 Bytes [68, 01, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenThread + B 779D4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenThreadToken + 6 779D4B4A 4 Bytes [68, 02, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenThreadToken + B 779D4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenThreadTokenEx + B 779D4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtQueryAttributesFile + 6 779D4BEA 4 Bytes [A8, 00, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtQueryAttributesFile + B 779D4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtQueryFullAttributesFile + B 779D4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtSetInformationFile + 6 779D517A 4 Bytes [28, 01, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtSetInformationFile + B 779D517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtSetInformationThread + 6 779D51CA 4 Bytes [28, 02, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtSetInformationThread + B 779D51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtUnmapViewOfSection + 6 779D546A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtUnmapViewOfSection + 6 779D546A 4 Bytes [68, 03, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtUnmapViewOfSection + B 779D546F 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74747817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7478B4F1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7474BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7473F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7473E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747773F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7474DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7473FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7473FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [747CCB00] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7476C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7473D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74736853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7473687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74742AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys Device \Driver\partmgr \Device\PartmgrControl aksfridge.sys AttachedDevice \Driver\tdx \Device\Udp kltdi.sys AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys AttachedDevice \FileSystem\fastfat \Fat tvtumon.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242ccd5ea6 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@0017d5087c09 0x20 0x00 0x36 0x47 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@00188d3d47ad 0x38 0xBF 0xDF 0x67 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@001d98638ff3 0x46 0x28 0x85 0x69 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@d0176ad47ee6 0x05 0x23 0xE3 0x86 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@b4629329b9ad 0xDD 0x49 0x93 0x13 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\KLIF\Parameters@LastProcessedRevision 10081945 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x00 0x4F 0x53 0x37 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00242ccd5ea6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@0017d5087c09 0x20 0x00 0x36 0x47 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@00188d3d47ad 0x38 0xBF 0xDF 0x67 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@001d98638ff3 0x46 0x28 0x85 0x69 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@d0176ad47ee6 0x05 0x23 0xE3 0x86 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@b4629329b9ad 0xDD 0x49 0x93 0x13 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x00 0x4F 0x53 0x37 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4F 0x4D 0x61 0x57 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0xA8 0x59 0x19 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242ccd5ea6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@0017d5087c09 0x20 0x00 0x36 0x47 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@00188d3d47ad 0x38 0xBF 0xDF 0x67 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@001d98638ff3 0x46 0x28 0x85 0x69 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@d0176ad47ee6 0x05 0x23 0xE3 0x86 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@b4629329b9ad 0xDD 0x49 0x93 0x13 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x00 0x4F 0x53 0x37 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4F 0x4D 0x61 0x57 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0xA8 0x59 0x19 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00242ccd5ea6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@0017d5087c09 0x20 0x00 0x36 0x47 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@00188d3d47ad 0x38 0xBF 0xDF 0x67 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@001d98638ff3 0x46 0x28 0x85 0x69 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@d0176ad47ee6 0x05 0x23 0xE3 0x86 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@b4629329b9ad 0xDD 0x49 0x93 0x13 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x00 0x4F 0x53 0x37 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4F 0x4D 0x61 0x57 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0xA8 0x59 0x19 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00242ccd5ea6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@0017d5087c09 0x20 0x00 0x36 0x47 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@00188d3d47ad 0x38 0xBF 0xDF 0x67 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@001d98638ff3 0x46 0x28 0x85 0x69 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@d0176ad47ee6 0x05 0x23 0xE3 0x86 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00242ccd5ea6@b4629329b9ad 0xDD 0x49 0x93 0x13 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x00 0x4F 0x53 0x37 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) ---- EOF - GMER 2.1 ----