GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-10 22:01:04 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320423AS rev.D005SDM1 298,09GB Running: ykvn86lm.exe; Driver: C:\Users\KARINA\AppData\Local\Temp\pgldapod.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E51A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E8B212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text sptd.sys 8B099000 8 Bytes [34, 42, 23, 83, A0, A7, 22, ...] {XOR AL, 0x42; AND EAX, [EBX-0x7cdd5860]} .text sptd.sys 8B099009 12 Bytes [A7, 22, 83, 48, CB, 22, 83, ...] .text sptd.sys 8B099016 10 Bytes [24, 83, EE, C6, 22, 83, 44, ...] .text sptd.sys 8B099024 4 Bytes [44, 85, 1C, 8B] {INC ESP; TEST [EBX+ECX*4], EBX} .text sptd.sys 8B09902C 10 Bytes [11, 99, 07, 83, 0B, 5A, FF, ...] .text ... .sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8B190D38] ? C:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. 
---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, AC, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, AF, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, AC, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, AD, 77, 00] {TEST AL, 0xad; JA 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessToken + 6 77C25DDE 4 Bytes CALL 76C2D590 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, AE, 77, 00] {TEST AL, 0xae; JA 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [68, AD, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, AE, 77, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadTokenEx + 6 77C25E6E 4 Bytes CALL 76C2D621 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, AC, 77, 00] {TEST AL, 0xac; JA 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryFullAttributesFile + 6 77C2602E 4 Bytes CALL 76C2D7DF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, AD, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, AE, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, AF, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, 64, C9, 00] {SUB [ECX+ECX*8+0x0], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, 67, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, 64, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, 65, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, 66, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [68, 65, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, 66, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, 64, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, 65, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, 66, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, 67, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[976] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, EC, FF, 00] {SUB AH, CH; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, EF, FF, 00] {SUB BH, CH; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, EC, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, ED, FF, 00] {TEST AL, 0xed; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, EE, FF, 00] {TEST AL, 0xee; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [68, ED, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, EE, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, EC, FF, 00] {TEST AL, 0xec; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, ED, FF, 00] {SUB CH, CH; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, EE, FF, 00] {SUB DH, CH; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte 
[E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, EF, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1076] CRYPT32.dll!PFXVerifyPassword + 3DEA 75E65A8E 1 Byte [BF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, 58, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, 5B, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, 58, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, 59, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtOpenProcessToken + 6 77C25DDE 4 Bytes CALL 76C2F83C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, 5A, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtOpenThread + 6 
77C25E4E 4 Bytes [68, 59, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, 5A, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtOpenThreadTokenEx + 6 77C25E6E 4 Bytes CALL 76C2F8CD C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, 58, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtQueryFullAttributesFile + 6 77C2602E 4 Bytes CALL 76C2FA8B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, 59, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, 5A, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, 5B, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1924] ntdll.dll!NtUnmapViewOfSection + B 
77C26A03 1 Byte [E2] .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1932] kernel32.dll!SetUnhandledExceptionFilter 76EAF4EB 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, 34, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, 37, FF, 00] {SUB [EDI], DH; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, 34, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, 35, FF, 00] {TEST AL, 0x35; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, 36, FF, 00] {TEST AL, 0x36; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [68, 35, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, 36, FF, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, 34, FF, 00] {TEST AL, 0x34; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, 35, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, 36, FF, 00] {SUB [ESI], DH; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, 37, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, EC, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, EF, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, EC, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, ED, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessToken + 6 77C25DDE 4 Bytes CALL 76C2E0D0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, EE, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [68, ED, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, EE, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadTokenEx + 6 77C25E6E 4 Bytes CALL 76C2E161 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, EC, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] 
ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryFullAttributesFile + 6 77C2602E 4 Bytes CALL 76C2E31F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, ED, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, EE, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, EF, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, 1C, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, 1F, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, 1C, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, 1D, 58, 00] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcessToken + 6 77C25DDE 4 Bytes CALL 76C2B600 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, 1E, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [68, 1D, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, 1E, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThreadTokenEx + 6 77C25E6E 4 Bytes CALL 76C2B691 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, 1C, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtQueryFullAttributesFile + 6 77C2602E 4 Bytes CALL 76C2B84F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, 1D, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, 1E, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, 1F, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, 38, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, 3B, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, 38, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, 39, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, 3A, CE, 00] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [68, 39, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, 3A, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, 38, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, 39, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, 3A, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, 3B, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes 
[28, A0, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, A3, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, A0, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, A1, 0C, 00] {TEST AL, 0xa1; OR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcessToken + 6 77C25DDE 4 Bytes CALL 76C26A84 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, A2, 0C, 00] {TEST AL, 0xa2; OR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [68, A1, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, A2, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThreadTokenEx + 6 77C25E6E 4 Bytes CALL 76C26B15 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, A0, 0C, 00] {TEST AL, 0xa0; OR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtQueryFullAttributesFile + 6 77C2602E 4 Bytes CALL 76C26CD3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, A1, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, A2, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, A3, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, C4, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, C7, 5E, 00] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, C4, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, C5, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessToken + 6 77C25DDE 4 Bytes CALL 76C2BCA8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, C6, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [68, C5, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, C6, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadTokenEx + 6 77C25E6E 4 Bytes CALL 76C2BD39 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] 
ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, C4, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryFullAttributesFile + 6 77C2602E 4 Bytes CALL 76C2BEF7 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, C5, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, C6, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, C7, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, C8, 30, 00] {SUB AL, CL; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, CB, 30, 00] {SUB BL, CL; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, C8, 30, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, C9, 30, 00] {TEST AL, 0xc9; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessToken + 6 77C25DDE 4 Bytes CALL 76C28EAC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, CA, 30, 00] {TEST AL, 0xca; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [68, C9, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, CA, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadTokenEx + 6 77C25E6E 4 Bytes CALL 76C28F3D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, C8, 30, 00] {TEST AL, 0xc8; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte 
[E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryFullAttributesFile + 6 77C2602E 4 Bytes CALL 76C290FB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, C9, 30, 00] {SUB CL, CL; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, CA, 30, 00] {SUB DL, CL; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, CB, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, 98, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, 9B, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, 98, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, 99, 2B, 00] {TEST 
AL, 0x99; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtOpenProcessToken + 6 77C25DDE 4 Bytes CALL 76C2897C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, 9A, 2B, 00] {TEST AL, 0x9a; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [68, 99, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, 9A, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtOpenThreadTokenEx + 6 77C25E6E 4 Bytes CALL 76C28A0D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, 98, 2B, 00] {TEST AL, 0x98; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtQueryFullAttributesFile + 6 77C2602E 4 Bytes CALL 76C28BCB C:\Windows\system32\SHELL32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, 99, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, 9A, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, 9B, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3716] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, 1C, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, 1F, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, 1C, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, 1D, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenProcessToken + 6 77C25DDE 4 Bytes CALL 76C2AE00 
C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, 1E, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [68, 1D, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, 1E, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenThreadTokenEx + 6 77C25E6E 4 Bytes CALL 76C2AE91 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, 1C, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtQueryFullAttributesFile + 6 77C2602E 4 Bytes CALL 76C2B04F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, 1D, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, 1E, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, 1F, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, D8, FF, 00] {SUB AL, BL; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, DB, FF, 00] {SUB BL, BL; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, D8, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, D9, FF, 00] {TEST AL, 0xd9; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, DA, FF, 00] {TEST AL, 0xda; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [68, D9, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, DA, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, D8, FF, 00] {TEST AL, 0xd8; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, D9, FF, 00] {SUB CL, BL; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, DA, FF, 00] {SUB DL, BL; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, DB, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes CALL 5AC1562A .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, EB, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes CALL 5AC15D3A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes JMP 5AC15DEA .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenProcessToken + 6 77C25DDE 4 Bytes CALL 76C275CC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes JMP E2FF0017 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes JMP 5AC15E6A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes JMP E2FF0017 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenThreadTokenEx + 6 77C25E6E 4 Bytes CALL 76C2765D 
C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes CALL 5AC15F9A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtQueryFullAttributesFile + 6 77C2602E 4 Bytes CALL 76C2781B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes JMP 5AC1669A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes JMP E2FF0017 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, EB, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, 7C, CE, 00] {SUB [ESI+ECX*8+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes [28, 7F, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, 7C, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [A8, 7D, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [A8, 7E, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [68, 7D, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [68, 7E, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, 7C, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, 7D, CE, 00] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes [28, 7E, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [68, 7F, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4880] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2]

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs 854F11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{81EE1AC3-E529-42C7-AC00-404D3B9FE377} 864361F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \Driver\usbehci \Device\USBPDO-0 867E91F8
Device \Driver\usbehci \Device\USBPDO-1 867E91F8
Device \Driver\cdrom \Device\CdRom0 8740D430
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854ED1F8
Device \Driver\atapi \Device\Ide\IdePort0 854ED1F8
Device \Driver\atapi \Device\Ide\IdePort1 854ED1F8
Device \Driver\atapi \Device\Ide\IdePort2 854ED1F8
Device \Driver\atapi \Device\Ide\IdePort3 854ED1F8
Device \Driver\atapi \Device\Ide\IdePort4 854ED1F8
Device \Driver\atapi \Device\Ide\IdePort5 854ED1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 854EE1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 854EE1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel2 854EE1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel3 854EE1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 854EE1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 854EE1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 864361F8
Device \Driver\PCI_PNP6615 \Device\0000005a sptd.sys
Device \Driver\PCI_PNP6615 \Device\0000005a sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{F5A4B17A-89CB-45BF-87AC-E7EEED2B76D9} 864361F8
Device \Driver\usbehci \Device\USBFDO-0 867E91F8
Device \Driver\usbehci \Device\USBFDO-1 867E91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{395B7DA1-7DE9-47AF-BB17-EACAFCF7C3CA} 864361F8
Device \Driver\adc16h5j \Device\Scsi\adc16h5j1 869971F8
Device \Driver\adc16h5j \Device\Scsi\adc16h5j1Port6Path0Target0Lun0 869971F8

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x854ed1f8]<< 854ed1f8
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8638c260] 8638c260
Trace 3 CLASSPNP.SYS[8b7bc59e] -> nt!IofCallDriver -> [0x8638c7b8] 8638c7b8
Trace 5 stdcfltn.sys[8b9ee896] -> nt!IofCallDriver -> [0x86264368] 86264368
Trace 7 ACPI.sys[8afab3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8623b030] 8623b030
Trace \Driver\atapi[0x86237710] -> IRP_MJ_CREATE -> 0x854ed1f8 854ed1f8

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCD 0x0F 0xBE 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xCB 0xB3 0x96 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x96 0xAE 0xC5 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCD 0x0F 0xBE 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xCB 0xB3 0x96 0x1F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x96 0xAE 0xC5 0xE1 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Package_1_for_KB2732486~31bf3856ad364e35~x86~~0.0.0.0@Package_1_for_KB2732487~31bf3856ad364e35~x86~~6.1.1.0 0

---- EOF - GMER 2.1 ----