GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-05-10 10:44:11 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000006e WDC_WD32 rev.01.0 298,09GB Running: m57g1hli.exe; Driver: C:\Users\Kaja\AppData\Local\Temp\kxliapow.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8D10EB10] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8D10F5EE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x8D11B5E0] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8D11B62C] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8D11B7C6] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x8D11B54E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSection [0x8D11B670] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8D11B596] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x8D10FB24] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8D10FD40] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x8D11B780] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8D1103DC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8D10EB76] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8D113B58] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x8D10E75E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8D10EBDC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8D113F4E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8D110E6C] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x8D11B60A] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8D11B64E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8D11B7EA] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x8D11B574] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x8D113452] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x8D11B6FE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8D11B5BE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x8D11383A] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x8D11B7A4] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x92A320CC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x8D110D38] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8D110A46] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8D10EC42] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8D10ECA8] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x92A32316] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8D10E7F8] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8D10E9CE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8D10E95C] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8D1105A6] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x8D110708] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8D10EA56] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x92A32194] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x8D110236] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x8D10ED0E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8D10F64A] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83088A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C2212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 830C9460 4 Bytes [10, EB, 10, 8D] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 830C94E8 4 Bytes [EE, F5, 10, 8D] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 830C953C 8 Bytes [E0, B5, 11, 8D, 2C, B6, 11, ...] {LOOPNZ 0xffffffb7; ADC [EBP-0x72ee49d4], ECX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 830C9548 4 Bytes [C6, B7, 11, 8D] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 830C9564 4 Bytes [4E, B5, 11, 8D] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 832844DF 4 Bytes CALL 8D11152F \??\C:\Windows\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8329E347 4 Bytes CALL 8D111545 \??\C:\Windows\system32\drivers\aswSnx.sys .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8C8D7774] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93012000, 0x35356D, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[112] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[376] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Windows\system32\csrss.exe[476] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Windows\system32\wininit.exe[560] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Windows\system32\csrss.exe[568] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtCreateFile + 6 76F0560E 4 Bytes [28, 44, 38, 00] {SUB [EAX+EDI+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtCreateFile + B 76F05613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtMapViewOfSection + 6 76F05C6E 4 Bytes [28, 47, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtMapViewOfSection + B 76F05C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenFile + 6 76F05D1E 4 Bytes [68, 44, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenFile + B 76F05D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenProcess + 6 76F05DCE 4 Bytes [A8, 45, 38, 00] {TEST AL, 0x45; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenProcess + B 76F05DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenProcessToken + 6 76F05DDE 4 Bytes CALL 75F09628 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenProcessToken + B 76F05DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DEE 4 Bytes [A8, 46, 38, 00] {TEST AL, 0x46; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenProcessTokenEx + B 76F05DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenThread + 6 76F05E4E 4 Bytes [68, 45, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenThread + B 76F05E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenThreadToken + 6 76F05E5E 4 Bytes [68, 46, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenThreadToken + B 76F05E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E6E 4 Bytes CALL 75F096B9 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenThreadTokenEx + B 76F05E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtQueryAttributesFile + 6 76F05F7E 4 Bytes [A8, 44, 38, 00] {TEST AL, 0x44; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtQueryAttributesFile + B 76F05F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtQueryFullAttributesFile + 6 76F0602E 4 Bytes CALL 75F09877 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtQueryFullAttributesFile + B 76F06033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtSetInformationFile + 6 76F0667E 4 Bytes [28, 45, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtSetInformationFile + B 76F06683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtSetInformationThread + 6 76F066DE 4 Bytes [28, 46, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtSetInformationThread + B 76F066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtUnmapViewOfSection + 6 76F069FE 4 Bytes [68, 47, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtUnmapViewOfSection + B 76F06A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!LdrUnloadDll 76F1C8DE 5 Bytes JMP 005503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!LdrLoadDll 76F222AE 5 Bytes JMP 005501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] KERNEL32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[1244] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1276] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1296] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtCreateFile + 6 76F0560E 4 Bytes [28, BC, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtCreateFile + B 76F05613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtMapViewOfSection + 6 76F05C6E 4 Bytes [28, BF, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtMapViewOfSection + B 76F05C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenFile + 6 76F05D1E 4 Bytes [68, BC, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenFile + B 76F05D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcess + 6 76F05DCE 4 Bytes [A8, BD, DC, 00] {TEST AL, 0xbd; FADD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcess + B 76F05DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcessToken + 6 76F05DDE 4 Bytes CALL 75F13AA0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcessToken + B 76F05DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DEE 4 Bytes [A8, BE, DC, 00] {TEST AL, 0xbe; FADD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcessTokenEx + B 76F05DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThread + 6 76F05E4E 4 Bytes [68, BD, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThread + B 76F05E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThreadToken + 6 76F05E5E 4 Bytes [68, BE, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThreadToken + B 76F05E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E6E 4 Bytes CALL 75F13B31 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThreadTokenEx + B 76F05E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtQueryAttributesFile + 6 76F05F7E 4 Bytes [A8, BC, DC, 00] {TEST AL, 0xbc; FADD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtQueryAttributesFile + B 76F05F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtQueryFullAttributesFile + 6 76F0602E 4 Bytes CALL 75F13CEF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtQueryFullAttributesFile + B 76F06033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtSetInformationFile + 6 76F0667E 4 Bytes [28, BD, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtSetInformationFile + B 76F06683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtSetInformationThread + 6 76F066DE 4 Bytes [28, BE, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtSetInformationThread + B 76F066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtUnmapViewOfSection + 6 76F069FE 4 Bytes [68, BF, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtUnmapViewOfSection + B 76F06A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!LdrUnloadDll 76F1C8DE 5 Bytes JMP 00E903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!LdrLoadDll 76F222AE 5 Bytes JMP 00E901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] KERNEL32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe[2420] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[2508] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2540] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!LdrUnloadDll 76F1C8DE 5 Bytes JMP 001E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!LdrLoadDll 76F222AE 5 Bytes JMP 001E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] KERNEL32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3356] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[3376] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3392] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Windows\system32\DllHost.exe[3416] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtCreateFile + 6 76F0560E 4 Bytes [28, 44, FA, 00] {SUB [EDX+EDI*8+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtCreateFile + B 76F05613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtMapViewOfSection + 6 76F05C6E 4 Bytes [28, 47, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtMapViewOfSection + B 76F05C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenFile + 6 76F05D1E 4 Bytes [68, 44, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenFile + B 76F05D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcess + 6 76F05DCE 4 Bytes [A8, 45, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcess + B 76F05DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcessToken + 6 76F05DDE 4 Bytes CALL 75F15828 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcessToken + B 76F05DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DEE 4 Bytes [A8, 46, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcessTokenEx + B 76F05DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThread + 6 76F05E4E 4 Bytes [68, 45, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThread + B 76F05E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThreadToken + 6 76F05E5E 4 Bytes [68, 46, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThreadToken + B 76F05E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E6E 4 Bytes CALL 75F158B9 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThreadTokenEx + B 76F05E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtQueryAttributesFile + 6 76F05F7E 4 Bytes [A8, 44, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtQueryAttributesFile + B 76F05F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtQueryFullAttributesFile + 6 76F0602E 4 Bytes CALL 75F15A77 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtQueryFullAttributesFile + B 76F06033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtSetInformationFile + 6 76F0667E 4 Bytes [28, 45, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtSetInformationFile + B 76F06683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtSetInformationThread + 6 76F066DE 4 Bytes [28, 46, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtSetInformationThread + B 76F066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtUnmapViewOfSection + 6 76F069FE 4 Bytes [68, 47, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtUnmapViewOfSection + B 76F06A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!LdrUnloadDll 76F1C8DE 5 Bytes JMP 010603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!LdrLoadDll 76F222AE 5 Bytes JMP 010601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] KERNEL32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe[3444] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Windows\system32\AUDIODG.EXE[3524] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3568] KERNEL32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3580] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtCreateFile + 6 76F0560E 4 Bytes [28, 50, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtCreateFile + B 76F05613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtMapViewOfSection + 6 76F05C6E 4 Bytes [28, 53, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtMapViewOfSection + B 76F05C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtOpenFile + 6 76F05D1E 4 Bytes [68, 50, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtOpenFile + B 76F05D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtOpenProcess + 6 76F05DCE 4 Bytes [A8, 51, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtOpenProcess + B 76F05DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtOpenProcessToken + 6 76F05DDE 4 Bytes CALL 75F0BB34 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtOpenProcessToken + B 76F05DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DEE 4 Bytes [A8, 52, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtOpenProcessTokenEx + B 76F05DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtOpenThread + 6 76F05E4E 4 Bytes [68, 51, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtOpenThread + B 76F05E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtOpenThreadToken + 6 76F05E5E 4 Bytes [68, 52, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtOpenThreadToken + B 76F05E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E6E 4 Bytes CALL 75F0BBC5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtOpenThreadTokenEx + B 76F05E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtQueryAttributesFile + 6 76F05F7E 4 Bytes [A8, 50, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtQueryAttributesFile + B 76F05F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtQueryFullAttributesFile + 6 76F0602E 4 Bytes CALL 75F0BD83 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtQueryFullAttributesFile + B 76F06033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtSetInformationFile + 6 76F0667E 4 Bytes [28, 51, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtSetInformationFile + B 76F06683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtSetInformationThread + 6 76F066DE 4 Bytes [28, 52, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtSetInformationThread + B 76F066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtUnmapViewOfSection + 6 76F069FE 4 Bytes [68, 53, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!NtUnmapViewOfSection + B 76F06A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!LdrUnloadDll 76F1C8DE 5 Bytes JMP 006303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] ntdll.dll!LdrLoadDll 76F222AE 5 Bytes JMP 006301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6164] KERNEL32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtCreateFile + 6 76F0560E 4 Bytes [28, 20, 72, 00] {SUB [EAX], AH; JB 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtCreateFile + B 76F05613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtMapViewOfSection + 6 76F05C6E 4 Bytes [28, 23, 72, 00] {SUB [EBX], AH; JB 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtMapViewOfSection + B 76F05C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtOpenFile + 6 76F05D1E 4 Bytes [68, 20, 72, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtOpenFile + B 76F05D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtOpenProcess + 6 76F05DCE 4 Bytes [A8, 21, 72, 00] {TEST AL, 0x21; JB 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtOpenProcess + B 76F05DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtOpenProcessToken + 6 76F05DDE 4 Bytes CALL 75F0D004 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtOpenProcessToken + B 76F05DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DEE 4 Bytes [A8, 22, 72, 00] {TEST AL, 0x22; JB 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtOpenProcessTokenEx + B 76F05DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtOpenThread + 6 76F05E4E 4 Bytes [68, 21, 72, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtOpenThread + B 76F05E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtOpenThreadToken + 6 76F05E5E 4 Bytes [68, 22, 72, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtOpenThreadToken + B 76F05E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E6E 4 Bytes CALL 75F0D095 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtOpenThreadTokenEx + B 76F05E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtQueryAttributesFile + 6 76F05F7E 4 Bytes [A8, 20, 72, 00] {TEST AL, 0x20; JB 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtQueryAttributesFile + B 76F05F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtQueryFullAttributesFile + 6 76F0602E 4 Bytes CALL 75F0D253 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtQueryFullAttributesFile + B 76F06033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtSetInformationFile + 6 76F0667E 4 Bytes [28, 21, 72, 00] {SUB [ECX], AH; JB 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtSetInformationFile + B 76F06683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtSetInformationThread + 6 76F066DE 4 Bytes [28, 22, 72, 00] {SUB [EDX], AH; JB 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtSetInformationThread + B 76F066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtUnmapViewOfSection + 6 76F069FE 4 Bytes [68, 23, 72, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!NtUnmapViewOfSection + B 76F06A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!LdrUnloadDll 76F1C8DE 5 Bytes JMP 007F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] ntdll.dll!LdrLoadDll 76F222AE 5 Bytes JMP 007F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6184] KERNEL32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtCreateFile + 6 76F0560E 4 Bytes [28, 64, D7, 00] {SUB [EDI+EDX*8+0x0], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtCreateFile + B 76F05613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtMapViewOfSection + 6 76F05C6E 4 Bytes [28, 67, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtMapViewOfSection + B 76F05C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtOpenFile + 6 76F05D1E 4 Bytes [68, 64, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtOpenFile + B 76F05D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtOpenProcess + 6 76F05DCE 4 Bytes [A8, 65, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtOpenProcess + B 76F05DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtOpenProcessToken + 6 76F05DDE 4 Bytes CALL 75F13548 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtOpenProcessToken + B 76F05DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DEE 4 Bytes [A8, 66, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtOpenProcessTokenEx + B 76F05DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtOpenThread + 6 76F05E4E 4 Bytes [68, 65, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtOpenThread + B 76F05E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtOpenThreadToken + 6 76F05E5E 4 Bytes [68, 66, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtOpenThreadToken + B 76F05E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E6E 4 Bytes CALL 75F135D9 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtOpenThreadTokenEx + B 76F05E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtQueryAttributesFile + 6 76F05F7E 4 Bytes [A8, 64, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtQueryAttributesFile + B 76F05F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtQueryFullAttributesFile + 6 76F0602E 4 Bytes CALL 75F13797 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtQueryFullAttributesFile + B 76F06033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtSetInformationFile + 6 76F0667E 4 Bytes [28, 65, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtSetInformationFile + B 76F06683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtSetInformationThread + 6 76F066DE 4 Bytes [28, 66, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtSetInformationThread + B 76F066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtUnmapViewOfSection + 6 76F069FE 4 Bytes [68, 67, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!NtUnmapViewOfSection + B 76F06A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!LdrUnloadDll 76F1C8DE 5 Bytes JMP 00E403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] ntdll.dll!LdrLoadDll 76F222AE 5 Bytes JMP 00E401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6596] KERNEL32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Users\Kaja\Desktop\gm\m57g1hli.exe[6804] kernel32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtCreateFile + 6 76F0560E 4 Bytes [28, 48, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtCreateFile + B 76F05613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtMapViewOfSection + 6 76F05C6E 4 Bytes [28, 4B, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtMapViewOfSection + B 76F05C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtOpenFile + 6 76F05D1E 4 Bytes [68, 48, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtOpenFile + B 76F05D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtOpenProcess + 6 76F05DCE 4 Bytes [A8, 49, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtOpenProcess + B 76F05DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtOpenProcessToken + 6 76F05DDE 4 Bytes CALL 75F1352C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtOpenProcessToken + B 76F05DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DEE 4 Bytes [A8, 4A, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtOpenProcessTokenEx + B 76F05DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtOpenThread + 6 76F05E4E 4 Bytes [68, 49, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtOpenThread + B 76F05E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtOpenThreadToken + 6 76F05E5E 4 Bytes [68, 4A, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtOpenThreadToken + B 76F05E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E6E 4 Bytes CALL 75F135BD C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtOpenThreadTokenEx + B 76F05E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtQueryAttributesFile + 6 76F05F7E 4 Bytes [A8, 48, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtQueryAttributesFile + B 76F05F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtQueryFullAttributesFile + 6 76F0602E 4 Bytes CALL 75F1377B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtQueryFullAttributesFile + B 76F06033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtSetInformationFile + 6 76F0667E 4 Bytes [28, 49, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtSetInformationFile + B 76F06683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtSetInformationThread + 6 76F066DE 4 Bytes [28, 4A, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtSetInformationThread + B 76F066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtUnmapViewOfSection + 6 76F069FE 4 Bytes [68, 4B, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!NtUnmapViewOfSection + B 76F06A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!LdrUnloadDll 76F1C8DE 5 Bytes JMP 00DC03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] ntdll.dll!LdrLoadDll 76F222AE 5 Bytes JMP 00DC01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7072] KERNEL32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtCreateFile + 6 76F0560E 4 Bytes [28, 30, 03, 01] {SUB [EAX], DH; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtCreateFile + B 76F05613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtMapViewOfSection + 6 76F05C6E 4 Bytes [28, 33, 03, 01] {SUB [EBX], DH; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtMapViewOfSection + B 76F05C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenFile + 6 76F05D1E 4 Bytes [68, 30, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenFile + B 76F05D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenProcess + 6 76F05DCE 4 Bytes [A8, 31, 03, 01] {TEST AL, 0x31; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenProcess + B 76F05DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenProcessToken + 6 76F05DDE 4 Bytes CALL 75F16114 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenProcessToken + B 76F05DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DEE 4 Bytes [A8, 32, 03, 01] {TEST AL, 0x32; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenProcessTokenEx + B 76F05DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenThread + 6 76F05E4E 4 Bytes [68, 31, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenThread + B 76F05E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenThreadToken + 6 76F05E5E 4 Bytes [68, 32, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenThreadToken + B 76F05E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E6E 4 Bytes CALL 75F161A5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenThreadTokenEx + B 76F05E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtQueryAttributesFile + 6 76F05F7E 4 Bytes [A8, 30, 03, 01] {TEST AL, 0x30; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtQueryAttributesFile + B 76F05F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtQueryFullAttributesFile + 6 76F0602E 4 Bytes CALL 75F16363 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtQueryFullAttributesFile + B 76F06033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtSetInformationFile + 6 76F0667E 4 Bytes [28, 31, 03, 01] {SUB [ECX], DH; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtSetInformationFile + B 76F06683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtSetInformationThread + 6 76F066DE 4 Bytes [28, 32, 03, 01] {SUB [EDX], DH; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtSetInformationThread + B 76F066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtUnmapViewOfSection + 6 76F069FE 4 Bytes [68, 33, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtUnmapViewOfSection + B 76F06A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!LdrUnloadDll 76F1C8DE 5 Bytes JMP 011003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!LdrLoadDll 76F222AE 5 Bytes JMP 011001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7240] KERNEL32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtCreateFile + 6 76F0560E 4 Bytes [28, C8, BF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtCreateFile + B 76F05613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtMapViewOfSection + 6 76F05C6E 4 Bytes [28, CB, BF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtMapViewOfSection + B 76F05C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtOpenFile + 6 76F05D1E 4 Bytes [68, C8, BF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtOpenFile + B 76F05D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtOpenProcess + 6 76F05DCE 4 Bytes [A8, C9, BF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtOpenProcess + B 76F05DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtOpenProcessToken + 6 76F05DDE 4 Bytes CALL 75F11DAC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtOpenProcessToken + B 76F05DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DEE 4 Bytes [A8, CA, BF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtOpenProcessTokenEx + B 76F05DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtOpenThread + 6 76F05E4E 4 Bytes [68, C9, BF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtOpenThread + B 76F05E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtOpenThreadToken + 6 76F05E5E 4 Bytes [68, CA, BF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtOpenThreadToken + B 76F05E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E6E 4 Bytes CALL 75F11E3D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtOpenThreadTokenEx + B 76F05E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtQueryAttributesFile + 6 76F05F7E 4 Bytes [A8, C8, BF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtQueryAttributesFile + B 76F05F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtQueryFullAttributesFile + 6 76F0602E 4 Bytes CALL 75F11FFB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtQueryFullAttributesFile + B 76F06033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtSetInformationFile + 6 76F0667E 4 Bytes [28, C9, BF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtSetInformationFile + B 76F06683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtSetInformationThread + 6 76F066DE 4 Bytes [28, CA, BF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtSetInformationThread + B 76F066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtUnmapViewOfSection + 6 76F069FE 4 Bytes [68, CB, BF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!NtUnmapViewOfSection + B 76F06A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!LdrUnloadDll 76F1C8DE 5 Bytes JMP 00E003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] ntdll.dll!LdrLoadDll 76F222AE 5 Bytes JMP 00E001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7328] KERNEL32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtCreateFile + 6 76F0560E 4 Bytes [28, 54, F6, 00] {SUB [ESI+ESI*8+0x0], DL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtCreateFile + B 76F05613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtMapViewOfSection + 6 76F05C6E 4 Bytes [28, 57, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtMapViewOfSection + B 76F05C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtOpenFile + 6 76F05D1E 4 Bytes [68, 54, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtOpenFile + B 76F05D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtOpenProcess + 6 76F05DCE 4 Bytes [A8, 55, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtOpenProcess + B 76F05DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtOpenProcessToken + 6 76F05DDE 4 Bytes CALL 75F15438 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtOpenProcessToken + B 76F05DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DEE 4 Bytes [A8, 56, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtOpenProcessTokenEx + B 76F05DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtOpenThread + 6 76F05E4E 4 Bytes [68, 55, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtOpenThread + B 76F05E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtOpenThreadToken + 6 76F05E5E 4 Bytes [68, 56, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtOpenThreadToken + B 76F05E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E6E 4 Bytes CALL 75F154C9 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtOpenThreadTokenEx + B 76F05E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtQueryAttributesFile + 6 76F05F7E 4 Bytes [A8, 54, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtQueryAttributesFile + B 76F05F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtQueryFullAttributesFile + 6 76F0602E 4 Bytes CALL 75F15687 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtQueryFullAttributesFile + B 76F06033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtSetInformationFile + 6 76F0667E 4 Bytes [28, 55, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtSetInformationFile + B 76F06683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtSetInformationThread + 6 76F066DE 4 Bytes [28, 56, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtSetInformationThread + B 76F066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtUnmapViewOfSection + 6 76F069FE 4 Bytes [68, 57, F6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!NtUnmapViewOfSection + B 76F06A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!LdrUnloadDll 76F1C8DE 5 Bytes JMP 00FC03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] ntdll.dll!LdrLoadDll 76F222AE 5 Bytes JMP 00FC01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7460] KERNEL32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtCreateFile + 6 76F0560E 4 Bytes [28, 9C, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtCreateFile + B 76F05613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtMapViewOfSection + 6 76F05C6E 4 Bytes [28, 9F, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtMapViewOfSection + B 76F05C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtOpenFile + 6 76F05D1E 4 Bytes [68, 9C, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtOpenFile + B 76F05D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtOpenProcess + 6 76F05DCE 4 Bytes [A8, 9D, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtOpenProcess + B 76F05DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtOpenProcessToken + 6 76F05DDE 4 Bytes CALL 75F0A980 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtOpenProcessToken + B 76F05DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DEE 4 Bytes [A8, 9E, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtOpenProcessTokenEx + B 76F05DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtOpenThread + 6 76F05E4E 4 Bytes [68, 9D, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtOpenThread + B 76F05E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtOpenThreadToken + 6 76F05E5E 4 Bytes [68, 9E, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtOpenThreadToken + B 76F05E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E6E 4 Bytes CALL 75F0AA11 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtOpenThreadTokenEx + B 76F05E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtQueryAttributesFile + 6 76F05F7E 4 Bytes [A8, 9C, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtQueryAttributesFile + B 76F05F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtQueryFullAttributesFile + 6 76F0602E 4 Bytes CALL 75F0ABCF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtQueryFullAttributesFile + B 76F06033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtSetInformationFile + 6 76F0667E 4 Bytes [28, 9D, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtSetInformationFile + B 76F06683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtSetInformationThread + 6 76F066DE 4 Bytes [28, 9E, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtSetInformationThread + B 76F066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtUnmapViewOfSection + 6 76F069FE 4 Bytes [68, 9F, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!NtUnmapViewOfSection + B 76F06A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!LdrUnloadDll 76F1C8DE 5 Bytes JMP 005C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] ntdll.dll!LdrLoadDll 76F222AE 5 Bytes JMP 005C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7640] KERNEL32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtCreateFile + 6 76F0560E 4 Bytes [28, F8, 23, 00] {SUB AL, BH; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtCreateFile + B 76F05613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtMapViewOfSection + 6 76F05C6E 4 Bytes [28, FB, 23, 00] {SUB BL, BH; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtMapViewOfSection + B 76F05C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtOpenFile + 6 76F05D1E 4 Bytes [68, F8, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtOpenFile + B 76F05D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtOpenProcess + 6 76F05DCE 4 Bytes [A8, F9, 23, 00] {TEST AL, 0xf9; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtOpenProcess + B 76F05DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtOpenProcessToken + 6 76F05DDE 4 Bytes CALL 75F081DC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtOpenProcessToken + B 76F05DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DEE 4 Bytes [A8, FA, 23, 00] {TEST AL, 0xfa; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtOpenProcessTokenEx + B 76F05DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtOpenThread + 6 76F05E4E 4 Bytes [68, F9, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtOpenThread + B 76F05E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtOpenThreadToken + 6 76F05E5E 4 Bytes [68, FA, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtOpenThreadToken + B 76F05E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E6E 4 Bytes CALL 75F0826D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtOpenThreadTokenEx + B 76F05E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtQueryAttributesFile + 6 76F05F7E 4 Bytes [A8, F8, 23, 00] {TEST AL, 0xf8; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtQueryAttributesFile + B 76F05F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtQueryFullAttributesFile + 6 76F0602E 4 Bytes CALL 75F0842B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtQueryFullAttributesFile + B 76F06033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtSetInformationFile + 6 76F0667E 4 Bytes [28, F9, 23, 00] {SUB CL, BH; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtSetInformationFile + B 76F06683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtSetInformationThread + 6 76F066DE 4 Bytes [28, FA, 23, 00] {SUB DL, BH; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtSetInformationThread + B 76F066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtUnmapViewOfSection + 6 76F069FE 4 Bytes [68, FB, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!NtUnmapViewOfSection + B 76F06A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!LdrUnloadDll 76F1C8DE 5 Bytes JMP 002803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] ntdll.dll!LdrLoadDll 76F222AE 5 Bytes JMP 002801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7912] KERNEL32.dll!GetBinaryTypeW + 70 76AC6AAC 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B124CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73AF562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73AF56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B12546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B085AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B04D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B05105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B051DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73B06707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B08301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B08850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B090B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B0E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73B04C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 85CEF1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{F14F96D2-28F9-40EF-8CED-11D26A8484FE} 870381F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{CAC7646D-CF87-422A-A69D-24F55A945A71} 870381F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\usbohci \Device\USBPDO-0 871891F8 Device \Driver\usbehci \Device\USBPDO-1 8719A1F8 Device \Driver\usbohci \Device\USBPDO-2 871891F8 Device \Driver\usbehci \Device\USBPDO-3 8719A1F8 AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys Device \Driver\BTHUSB \Device\00000080 bthport.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 870381F8 Device \Driver\amd_sata \Device\RaidPort0 85CEB1F8 AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys Device \Driver\usbohci \Device\USBFDO-0 871891F8 Device \Driver\usbehci \Device\USBFDO-1 8719A1F8 Device \Driver\amd_sata \Device\0000006e 85CEB1F8 Device \Driver\usbohci \Device\USBFDO-2 871891F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8884EDF8-4F63-487A-A899-BAA9B49F2BEC} 870381F8 Device \Driver\usbehci \Device\USBFDO-3 8719A1F8 Device \Driver\BTHUSB \Device\0000007e bthport.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{A1D234DE-904F-4137-A053-D317A21E505C} 870381F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85cec1f8]<< 85cec1f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c44460] 86c44460 Trace 3 CLASSPNP.SYS[8d04859e] -> nt!IofCallDriver -> [0x86a55b00] 86a55b00 Trace \Driver\amd_xata[0x86a419c0] -> IRP_MJ_CREATE -> 0x85cec1f8 85cec1f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9cf24a8 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9cf24a8@5cb524a6bcac 0xD6 0xDE 0x44 0x75 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x06 0x3F 0x7E 0x99 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9cf24a8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9cf24a8@5cb524a6bcac 0xD6 0xDE 0x44 0x75 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x06 0x3F 0x7E 0x99 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Vbox\Licenses\CorelDRAW\xae Graphics Suite_11_D639.lic 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Vbox\Licenses\CorelDRAW\xae Graphics Suite_11_D639.prf 2 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{CAAD805E-8387-11E2-A991-806E6F6E6963} 6446140800 ---- Files - GMER 2.1 ---- File C:\Windows\Temp\_avast_\unp150833219.tmp 0 bytes ---- EOF - GMER 2.1 ----