GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-11-16 20:09:59 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0001 232,89GB Running: xe9brcp1.exe; Driver: C:\Users\Paulina\AppData\Local\Temp\pxloyfow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8CC37AC4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x8CCF3012] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8CC385A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8CC4463C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8CC44688] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8CC44822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8CC445AA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8CCF33EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8CC445F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8CCF367C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8CCF3766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8CC447DC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8CC39390] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8CC37B2A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8CC3CB86] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8CC37716] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8CCF34CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8CC37B90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8CC3CF7C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8CC39E78] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8CC44666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8CC446AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8CC44846] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8CC445D0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8CC3C47E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8CC4475A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8CC4461A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8CC3C86A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8CC44800] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8CCF326A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8CC39CEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8CC399FA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8CC37BF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8CC37C5C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8CCF35C8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8CC377B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8CC37982] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8CC37910] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8CC3955A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8CC396BC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8CC37A0A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8CCF3338] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8CC391EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8CC37CC2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8CCF319C] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 81A5CA15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81A96212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 81A9D460 4 Bytes [C4, 7A, C3, 8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 81A9D488 4 Bytes [12, 30, CF, 8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 81A9D4E8 4 Bytes [A2, 85, C3, 8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 81A9D53C 8 Bytes [3C, 46, C4, 8C, 88, 46, C4, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 81A9D548 4 Bytes [22, 48, C4, 8C] .text ... ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtCreateFile + 6 77C6560E 4 Bytes [28, EC, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtCreateFile + B 77C65613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtMapViewOfSection + 6 77C65C6E 4 Bytes [28, EF, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtMapViewOfSection + B 77C65C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenFile + 6 77C65D1E 4 Bytes [68, EC, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenFile + B 77C65D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcess + 6 77C65DCE 4 Bytes [A8, ED, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcess + B 77C65DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcessToken + B 77C65DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcessTokenEx + 6 77C65DEE 4 Bytes [A8, EE, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcessTokenEx + B 77C65DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThread + 6 77C65E4E 4 Bytes [68, ED, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThread + B 77C65E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThreadToken + 6 77C65E5E 4 Bytes [68, EE, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThreadToken + B 77C65E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThreadTokenEx + B 77C65E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtQueryAttributesFile + 6 77C65F7E 4 Bytes [A8, EC, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtQueryAttributesFile + B 77C65F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtQueryFullAttributesFile + B 77C66033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtSetInformationFile + 6 77C6667E 4 Bytes [28, ED, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtSetInformationFile + B 77C66683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtSetInformationThread + 6 77C666DE 4 Bytes [28, EE, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtSetInformationThread + B 77C666E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtUnmapViewOfSection + 6 77C669FE 4 Bytes [68, EF, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtUnmapViewOfSection + B 77C66A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!LdrUnloadDll 77C7C8DE 5 Bytes JMP 00AE03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!LdrLoadDll 77C822AE 5 Bytes JMP 00AE01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtCreateFile + 6 77C6560E 4 Bytes [28, E4, 22, 00] {SUB AH, AH; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtCreateFile + B 77C65613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtMapViewOfSection + 6 77C65C6E 4 Bytes [28, E7, 22, 00] {SUB BH, AH; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtMapViewOfSection + B 77C65C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtOpenFile + 6 77C65D1E 4 Bytes [68, E4, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtOpenFile + B 77C65D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtOpenProcess + 6 77C65DCE 4 Bytes [A8, E5, 22, 00] {TEST AL, 0xe5; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtOpenProcess + B 77C65DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtOpenProcessToken + B 77C65DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtOpenProcessTokenEx + 6 77C65DEE 4 Bytes [A8, E6, 22, 00] {TEST AL, 0xe6; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtOpenProcessTokenEx + B 77C65DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtOpenThread + 6 77C65E4E 4 Bytes [68, E5, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtOpenThread + B 77C65E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtOpenThreadToken + 6 77C65E5E 4 Bytes [68, E6, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtOpenThreadToken + B 77C65E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtOpenThreadTokenEx + B 77C65E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtQueryAttributesFile + 6 77C65F7E 4 Bytes [A8, E4, 22, 00] {TEST AL, 0xe4; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtQueryAttributesFile + B 77C65F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtQueryFullAttributesFile + B 77C66033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtSetInformationFile + 6 77C6667E 4 Bytes [28, E5, 22, 00] {SUB CH, AH; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtSetInformationFile + B 77C66683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtSetInformationThread + 6 77C666DE 4 Bytes [28, E6, 22, 00] {SUB DH, AH; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtSetInformationThread + B 77C666E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtUnmapViewOfSection + 6 77C669FE 4 Bytes [68, E7, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!NtUnmapViewOfSection + B 77C66A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!LdrUnloadDll 77C7C8DE 5 Bytes JMP 002F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[896] ntdll.dll!LdrLoadDll 77C822AE 5 Bytes JMP 002F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtCreateFile + 6 77C6560E 2 Bytes [28, 7C] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtCreateFile + 9 77C65611 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtCreateFile + 9 77C65611 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtMapViewOfSection + 6 77C65C6E 2 Bytes [28, 7F] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtMapViewOfSection + 9 77C65C71 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtMapViewOfSection + 9 77C65C71 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenFile + 6 77C65D1E 2 Bytes [68, 7C] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenFile + 9 77C65D21 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenFile + 9 77C65D21 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcess + 6 77C65DCE 2 Bytes [A8, 7D] {TEST AL, 0x7d} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcess + 9 77C65DD1 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcess + 9 77C65DD1 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessToken + 9 77C65DE1 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessToken + 9 77C65DE1 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessTokenEx + 6 77C65DEE 2 Bytes [A8, 7E] {TEST AL, 0x7e} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessTokenEx + 9 77C65DF1 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessTokenEx + 9 77C65DF1 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThread + 6 77C65E4E 2 Bytes [68, 7D] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThread + 9 77C65E51 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThread + 9 77C65E51 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadToken + 6 77C65E5E 2 Bytes [68, 7E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadToken + 9 77C65E61 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadToken + 9 77C65E61 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadTokenEx + 9 77C65E71 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadTokenEx + 9 77C65E71 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryAttributesFile + 6 77C65F7E 2 Bytes [A8, 7C] {TEST AL, 0x7c} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryAttributesFile + 9 77C65F81 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryAttributesFile + 9 77C65F81 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryFullAttributesFile + 9 77C66031 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryFullAttributesFile + 9 77C66031 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationFile + 6 77C6667E 2 Bytes [28, 7D] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationFile + 9 77C66681 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationFile + 9 77C66681 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationThread + 6 77C666DE 2 Bytes [28, 7E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationThread + 9 77C666E1 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationThread + 9 77C666E1 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtUnmapViewOfSection + 6 77C669FE 2 Bytes [68, 7F] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtUnmapViewOfSection + 9 77C66A01 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtUnmapViewOfSection + 9 77C66A01 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!LdrUnloadDll 77C7C8DE 5 Bytes JMP 010403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!LdrLoadDll 77C822AE 5 Bytes JMP 010401F8 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1464] kernel32.dll!SetUnhandledExceptionFilter 76D3F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\avastui.exe[2360] kernel32.dll!SetUnhandledExceptionFilter 76D3F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtCreateFile + 6 77C6560E 4 Bytes [28, 28, 2C, 00] {SUB [EAX], CH; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtCreateFile + B 77C65613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtMapViewOfSection + 6 77C65C6E 4 Bytes [28, 2B, 2C, 00] {SUB [EBX], CH; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtMapViewOfSection + B 77C65C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenFile + 6 77C65D1E 4 Bytes [68, 28, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenFile + B 77C65D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcess + 6 77C65DCE 4 Bytes [A8, 29, 2C, 00] {TEST AL, 0x29; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcess + B 77C65DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessToken + B 77C65DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessTokenEx + 6 77C65DEE 4 Bytes [A8, 2A, 2C, 00] {TEST AL, 0x2a; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessTokenEx + B 77C65DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThread + 6 77C65E4E 4 Bytes [68, 29, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThread + B 77C65E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadToken + 6 77C65E5E 4 Bytes [68, 2A, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadToken + B 77C65E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadTokenEx + B 77C65E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryAttributesFile + 6 77C65F7E 4 Bytes [A8, 28, 2C, 00] {TEST AL, 0x28; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryAttributesFile + B 77C65F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryFullAttributesFile + B 77C66033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationFile + 6 77C6667E 4 Bytes [28, 29, 2C, 00] {SUB [ECX], CH; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationFile + B 77C66683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationThread + 6 77C666DE 4 Bytes [28, 2A, 2C, 00] {SUB [EDX], CH; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationThread + B 77C666E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtUnmapViewOfSection + 6 77C669FE 4 Bytes [68, 2B, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtUnmapViewOfSection + B 77C66A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!LdrUnloadDll 77C7C8DE 5 Bytes JMP 003903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!LdrLoadDll 77C822AE 5 Bytes JMP 003901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtMapViewOfSection + 6 77C65C6E 4 Bytes [18, 20, 75, 61] {SBB [EAX], AH; JNZ 0x65} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtMapViewOfSection + B 77C65C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!LdrUnloadDll 77C7C8DE 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!LdrLoadDll 77C822AE 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtCreateFile + 6 77C6560E 4 Bytes [28, 20, 71, 00] {SUB [EAX], AH; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtCreateFile + B 77C65613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtMapViewOfSection + 6 77C65C6E 4 Bytes [28, 23, 71, 00] {SUB [EBX], AH; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtMapViewOfSection + B 77C65C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenFile + 6 77C65D1E 4 Bytes [68, 20, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenFile + B 77C65D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcess + 6 77C65DCE 4 Bytes [A8, 21, 71, 00] {TEST AL, 0x21; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcess + B 77C65DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessToken + B 77C65DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessTokenEx + 6 77C65DEE 4 Bytes [A8, 22, 71, 00] {TEST AL, 0x22; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessTokenEx + B 77C65DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThread + 6 77C65E4E 4 Bytes [68, 21, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThread + B 77C65E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadToken + 6 77C65E5E 4 Bytes [68, 22, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadToken + B 77C65E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadTokenEx + B 77C65E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryAttributesFile + 6 77C65F7E 4 Bytes [A8, 20, 71, 00] {TEST AL, 0x20; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryAttributesFile + B 77C65F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryFullAttributesFile + B 77C66033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationFile + 6 77C6667E 4 Bytes [28, 21, 71, 00] {SUB [ECX], AH; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationFile + B 77C66683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationThread + 6 77C666DE 4 Bytes [28, 22, 71, 00] {SUB [EDX], AH; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationThread + B 77C666E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtUnmapViewOfSection + 6 77C669FE 4 Bytes [68, 23, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtUnmapViewOfSection + B 77C66A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!LdrUnloadDll 77C7C8DE 5 Bytes JMP 008E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!LdrLoadDll 77C822AE 5 Bytes JMP 008E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtCreateFile + 6 77C6560E 4 Bytes [28, C4, 57, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtCreateFile + B 77C65613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtMapViewOfSection + 6 77C65C6E 4 Bytes [28, C7, 57, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtMapViewOfSection + B 77C65C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenFile + 6 77C65D1E 4 Bytes [68, C4, 57, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenFile + B 77C65D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcess + 6 77C65DCE 4 Bytes [A8, C5, 57, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcess + B 77C65DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessToken + B 77C65DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessTokenEx + 6 77C65DEE 4 Bytes [A8, C6, 57, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessTokenEx + B 77C65DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThread + 6 77C65E4E 4 Bytes [68, C5, 57, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThread + B 77C65E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadToken + 6 77C65E5E 4 Bytes [68, C6, 57, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadToken + B 77C65E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadTokenEx + B 77C65E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryAttributesFile + 6 77C65F7E 4 Bytes [A8, C4, 57, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryAttributesFile + B 77C65F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryFullAttributesFile + B 77C66033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationFile + 6 77C6667E 4 Bytes [28, C5, 57, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationFile + B 77C66683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationThread + 6 77C666DE 4 Bytes [28, C6, 57, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationThread + B 77C666E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtUnmapViewOfSection + 6 77C669FE 4 Bytes [68, C7, 57, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtUnmapViewOfSection + B 77C66A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!LdrUnloadDll 77C7C8DE 5 Bytes JMP 007803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!LdrLoadDll 77C822AE 5 Bytes JMP 007801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + 6 77C6560E 4 Bytes [28, 34, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + B 77C65613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + 6 77C65C6E 4 Bytes [28, 37, 38, 00] {SUB [EDI], DH; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + B 77C65C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + 6 77C65D1E 4 Bytes [68, 34, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + B 77C65D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + 6 77C65DCE 4 Bytes [A8, 35, 38, 00] {TEST AL, 0x35; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + B 77C65DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessToken + B 77C65DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessTokenEx + 6 77C65DEE 4 Bytes [A8, 36, 38, 00] {TEST AL, 0x36; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessTokenEx + B 77C65DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThread + 6 77C65E4E 4 Bytes [68, 35, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThread + B 77C65E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadToken + 6 77C65E5E 4 Bytes [68, 36, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadToken + B 77C65E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadTokenEx + B 77C65E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryAttributesFile + 6 77C65F7E 4 Bytes [A8, 34, 38, 00] {TEST AL, 0x34; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryAttributesFile + B 77C65F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryFullAttributesFile + B 77C66033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationFile + 6 77C6667E 4 Bytes [28, 35, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationFile + B 77C66683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationThread + 6 77C666DE 4 Bytes [28, 36, 38, 00] {SUB [ESI], DH; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationThread + B 77C666E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + 6 77C669FE 4 Bytes [68, 37, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + B 77C66A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!LdrUnloadDll 77C7C8DE 5 Bytes JMP 003E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!LdrLoadDll 77C822AE 5 Bytes JMP 003E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtCreateFile + 6 77C6560E 4 Bytes [28, 38, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtCreateFile + B 77C65613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtMapViewOfSection + 6 77C65C6E 4 Bytes [28, 3B, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtMapViewOfSection + B 77C65C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenFile + 6 77C65D1E 4 Bytes [68, 38, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenFile + B 77C65D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenProcess + 6 77C65DCE 4 Bytes [A8, 39, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenProcess + B 77C65DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenProcessToken + B 77C65DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenProcessTokenEx + 6 77C65DEE 4 Bytes [A8, 3A, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenProcessTokenEx + B 77C65DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenThread + 6 77C65E4E 4 Bytes [68, 39, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenThread + B 77C65E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenThreadToken + 6 77C65E5E 4 Bytes [68, 3A, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenThreadToken + B 77C65E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtOpenThreadTokenEx + B 77C65E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtQueryAttributesFile + 6 77C65F7E 4 Bytes [A8, 38, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtQueryAttributesFile + B 77C65F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtQueryFullAttributesFile + B 77C66033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtSetInformationFile + 6 77C6667E 4 Bytes [28, 39, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtSetInformationFile + B 77C66683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtSetInformationThread + 6 77C666DE 4 Bytes [28, 3A, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtSetInformationThread + B 77C666E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtUnmapViewOfSection + 6 77C669FE 4 Bytes [68, 3B, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!NtUnmapViewOfSection + B 77C66A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!LdrUnloadDll 77C7C8DE 5 Bytes JMP 004C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!LdrLoadDll 77C822AE 5 Bytes JMP 004C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtCreateFile + 6 77C6560E 4 Bytes [28, 6C, AD, 00] {SUB [EBP+EBP*4+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtCreateFile + B 77C65613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtMapViewOfSection + 6 77C65C6E 4 Bytes [28, 6F, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtMapViewOfSection + B 77C65C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenFile + 6 77C65D1E 4 Bytes [68, 6C, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenFile + B 77C65D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcess + 6 77C65DCE 4 Bytes [A8, 6D, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcess + B 77C65DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcessToken + B 77C65DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcessTokenEx + 6 77C65DEE 4 Bytes [A8, 6E, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcessTokenEx + B 77C65DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThread + 6 77C65E4E 4 Bytes [68, 6D, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThread + B 77C65E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThreadToken + 6 77C65E5E 4 Bytes [68, 6E, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThreadToken + B 77C65E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThreadTokenEx + B 77C65E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtQueryAttributesFile + 6 77C65F7E 4 Bytes [A8, 6C, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtQueryAttributesFile + B 77C65F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtQueryFullAttributesFile + B 77C66033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationFile + 6 77C6667E 4 Bytes [28, 6D, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationFile + B 77C66683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationThread + 6 77C666DE 4 Bytes [28, 6E, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationThread + B 77C666E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtUnmapViewOfSection + 6 77C669FE 4 Bytes [68, 6F, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtUnmapViewOfSection + B 77C66A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!LdrUnloadDll 77C7C8DE 5 Bytes JMP 00BA03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!LdrLoadDll 77C822AE 5 Bytes JMP 00BA01F8 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage@WORDFiles 1164968046 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage@ProductFiles 1164967995 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage@EXCELFiles 1164968052 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10051400000000000F01FEC\Usage@SpellingAndGrammarFilesExp1_1045 1164967975 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10070400000000000F01FEC\Usage@SpellingAndGrammarFiles_1031 1164967982 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10090400000000000F01FEC\Usage@SpellingAndGrammarFiles_1033 1164967985 ---- EOF - GMER 2.1 ----