GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-08 11:54:58 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 ST340014A rev.3.54 37,27GB Running: f81b1rj2.exe; Driver: C:\Users\Kacper\AppData\Local\Temp\ugloqpoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x9050B260] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x9050B320] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x9050B2E0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x9050B2A0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRequestWaitReplyPort + 14A5 82A5AA15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A94372 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82A9B6F8 4 Bytes [60, B2, 50, 90] {PUSHA ; MOV DL, 0x50; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 1313 82A9B808 4 Bytes [20, B3, 50, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 161F 82A9BB14 4 Bytes [E0, B2, 50, 90] {LOOPNZ 0xffffffb4; PUSH EAX; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82A9BB5C 4 Bytes [A0, B2, 50, 90] .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8B6D5FEE] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtCreateFile + 6 7760560E 4 Bytes [28, CC, D2, 00] {SUB AH, CL; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtCreateFile + B 77605613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtMapViewOfSection + 6 77605C6E 4 Bytes [28, CF, D2, 00] {SUB BH, CL; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtMapViewOfSection + B 77605C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtOpenFile + 6 77605D1E 4 Bytes [68, CC, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtOpenFile + B 77605D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtOpenProcess + 6 77605DCE 4 Bytes [A8, CD, D2, 00] {TEST AL, 0xcd; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtOpenProcess + B 77605DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtOpenProcessToken + 6 77605DDE 4 Bytes CALL 766130B0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtOpenProcessToken + B 77605DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtOpenProcessTokenEx + 6 77605DEE 4 Bytes [A8, CE, D2, 00] {TEST AL, 0xce; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtOpenProcessTokenEx + B 77605DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtOpenThread + 6 77605E4E 4 Bytes [68, CD, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtOpenThread + B 77605E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtOpenThreadToken + 6 77605E5E 4 Bytes [68, CE, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtOpenThreadToken + B 77605E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtOpenThreadTokenEx + 6 77605E6E 4 Bytes CALL 76613141 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtOpenThreadTokenEx + B 77605E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtQueryAttributesFile + 6 77605F7E 4 Bytes [A8, CC, D2, 00] {TEST AL, 0xcc; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtQueryAttributesFile + B 77605F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtQueryFullAttributesFile + 6 7760602E 4 Bytes CALL 766132FF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtQueryFullAttributesFile + B 77606033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtSetInformationFile + 6 7760667E 4 Bytes [28, CD, D2, 00] {SUB CH, CL; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtSetInformationFile + B 77606683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtSetInformationThread + 6 776066DE 4 Bytes [28, CE, D2, 00] {SUB DH, CL; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtSetInformationThread + B 776066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtUnmapViewOfSection + 6 776069FE 4 Bytes [68, CF, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1160] ntdll.dll!NtUnmapViewOfSection + B 77606A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtCreateFile + 6 7760560E 4 Bytes [28, 8C, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtCreateFile + B 77605613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtMapViewOfSection + 6 77605C6E 4 Bytes [28, 8F, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtMapViewOfSection + B 77605C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenFile + 6 77605D1E 4 Bytes [68, 8C, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenFile + B 77605D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcess + 6 77605DCE 4 Bytes [A8, 8D, 1B, 00] {TEST AL, 0x8d; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcess + B 77605DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcessToken + 6 77605DDE 4 Bytes CALL 76607970 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcessToken + B 77605DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcessTokenEx + 6 77605DEE 4 Bytes [A8, 8E, 1B, 00] {TEST AL, 0x8e; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcessTokenEx + B 77605DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThread + 6 77605E4E 4 Bytes [68, 8D, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThread + B 77605E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThreadToken + 6 77605E5E 4 Bytes [68, 8E, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThreadToken + B 77605E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThreadTokenEx + 6 77605E6E 4 Bytes CALL 76607A01 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThreadTokenEx + B 77605E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtQueryAttributesFile + 6 77605F7E 4 Bytes [A8, 8C, 1B, 00] {TEST AL, 0x8c; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtQueryAttributesFile + B 77605F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtQueryFullAttributesFile + 6 7760602E 4 Bytes CALL 76607BBF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtQueryFullAttributesFile + B 77606033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtSetInformationFile + 6 7760667E 4 Bytes [28, 8D, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtSetInformationFile + B 77606683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtSetInformationThread + 6 776066DE 4 Bytes [28, 8E, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtSetInformationThread + B 776066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtUnmapViewOfSection + 6 776069FE 4 Bytes [68, 8F, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtUnmapViewOfSection + B 77606A03 1 Byte [E2] .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1764] kernel32.dll!SetUnhandledExceptionFilter 75F2F5AB 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtCreateFile + 6 7760560E 4 Bytes [28, 20, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtCreateFile + B 77605613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtMapViewOfSection + 6 77605C6E 4 Bytes [28, 23, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtMapViewOfSection + B 77605C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtOpenFile + 6 77605D1E 4 Bytes [68, 20, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtOpenFile + B 77605D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtOpenProcess + 6 77605DCE 4 Bytes [A8, 21, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtOpenProcess + B 77605DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtOpenProcessToken + 6 77605DDE 4 Bytes CALL 7660FF04 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtOpenProcessToken + B 77605DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtOpenProcessTokenEx + 6 77605DEE 4 Bytes [A8, 22, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtOpenProcessTokenEx + B 77605DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtOpenThread + 6 77605E4E 4 Bytes [68, 21, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtOpenThread + B 77605E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtOpenThreadToken + 6 77605E5E 4 Bytes [68, 22, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtOpenThreadToken + B 77605E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtOpenThreadTokenEx + 6 77605E6E 4 Bytes CALL 7660FF95 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtOpenThreadTokenEx + B 77605E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtQueryAttributesFile + 6 77605F7E 4 Bytes [A8, 20, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtQueryAttributesFile + B 77605F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtQueryFullAttributesFile + 6 7760602E 4 Bytes CALL 76610153 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtQueryFullAttributesFile + B 77606033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtSetInformationFile + 6 7760667E 4 Bytes [28, 21, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtSetInformationFile + B 77606683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtSetInformationThread + 6 776066DE 4 Bytes [28, 22, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtSetInformationThread + B 776066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtUnmapViewOfSection + 6 776069FE 4 Bytes [68, 23, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtUnmapViewOfSection + B 77606A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtCreateFile + 6 7760560E 4 Bytes [28, C8, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtCreateFile + B 77605613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtMapViewOfSection + 6 77605C6E 4 Bytes [28, CB, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtMapViewOfSection + B 77605C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenFile + 6 77605D1E 4 Bytes [68, C8, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenFile + B 77605D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenProcess + 6 77605DCE 4 Bytes [A8, C9, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenProcess + B 77605DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenProcessToken + 6 77605DDE 4 Bytes CALL 76608BAC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenProcessToken + B 77605DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenProcessTokenEx + 6 77605DEE 4 Bytes [A8, CA, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenProcessTokenEx + B 77605DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenThread + 6 77605E4E 4 Bytes [68, C9, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenThread + B 77605E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenThreadToken + 6 77605E5E 4 Bytes [68, CA, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenThreadToken + B 77605E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenThreadTokenEx + 6 77605E6E 4 Bytes CALL 76608C3D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenThreadTokenEx + B 77605E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtQueryAttributesFile + 6 77605F7E 4 Bytes [A8, C8, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtQueryAttributesFile + B 77605F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtQueryFullAttributesFile + 6 7760602E 4 Bytes CALL 76608DFB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtQueryFullAttributesFile + B 77606033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtSetInformationFile + 6 7760667E 4 Bytes [28, C9, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtSetInformationFile + B 77606683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtSetInformationThread + 6 776066DE 4 Bytes [28, CA, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtSetInformationThread + B 776066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtUnmapViewOfSection + 6 776069FE 4 Bytes [68, CB, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtUnmapViewOfSection + B 77606A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtMapViewOfSection + 6 77605C6E 4 Bytes [18, 20, 83, 5B] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtMapViewOfSection + B 77605C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtCreateFile + 6 7760560E 4 Bytes [28, 0C, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtCreateFile + B 77605613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtMapViewOfSection + 6 77605C6E 4 Bytes [28, 0F, 84, 00] {SUB [EDI], CL; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtMapViewOfSection + B 77605C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenFile + 6 77605D1E 4 Bytes [68, 0C, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenFile + B 77605D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcess + 6 77605DCE 4 Bytes [A8, 0D, 84, 00] {TEST AL, 0xd; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcess + B 77605DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcessToken + 6 77605DDE 4 Bytes CALL 7660E1F0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcessToken + B 77605DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcessTokenEx + 6 77605DEE 4 Bytes [A8, 0E, 84, 00] {TEST AL, 0xe; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcessTokenEx + B 77605DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThread + 6 77605E4E 4 Bytes [68, 0D, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThread + B 77605E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThreadToken + 6 77605E5E 4 Bytes [68, 0E, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThreadToken + B 77605E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThreadTokenEx + 6 77605E6E 4 Bytes CALL 7660E281 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThreadTokenEx + B 77605E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtQueryAttributesFile + 6 77605F7E 4 Bytes [A8, 0C, 84, 00] {TEST AL, 0xc; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtQueryAttributesFile + B 77605F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtQueryFullAttributesFile + 6 7760602E 4 Bytes CALL 7660E43F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtQueryFullAttributesFile + B 77606033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtSetInformationFile + 6 7760667E 4 Bytes [28, 0D, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtSetInformationFile + B 77606683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtSetInformationThread + 6 776066DE 4 Bytes [28, 0E, 84, 00] {SUB [ESI], CL; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtSetInformationThread + B 776066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtUnmapViewOfSection + 6 776069FE 4 Bytes [68, 0F, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtUnmapViewOfSection + B 77606A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtCreateFile + 6 7760560E 4 Bytes [28, 18, 04, 01] {SUB [EAX], BL; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtCreateFile + B 77605613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtMapViewOfSection + 6 77605C6E 4 Bytes [28, 1B, 04, 01] {SUB [EBX], BL; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtMapViewOfSection + B 77605C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenFile + 6 77605D1E 4 Bytes [68, 18, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenFile + B 77605D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcess + 6 77605DCE 4 Bytes [A8, 19, 04, 01] {TEST AL, 0x19; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcess + B 77605DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcessToken + 6 77605DDE 4 Bytes CALL 766161FC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcessToken + B 77605DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcessTokenEx + 6 77605DEE 4 Bytes [A8, 1A, 04, 01] {TEST AL, 0x1a; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcessTokenEx + B 77605DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThread + 6 77605E4E 4 Bytes [68, 19, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThread + B 77605E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThreadToken + 6 77605E5E 4 Bytes [68, 1A, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThreadToken + B 77605E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThreadTokenEx + 6 77605E6E 4 Bytes CALL 7661628D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThreadTokenEx + B 77605E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtQueryAttributesFile + 6 77605F7E 4 Bytes [A8, 18, 04, 01] {TEST AL, 0x18; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtQueryAttributesFile + B 77605F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtQueryFullAttributesFile + 6 7760602E 4 Bytes CALL 7661644B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtQueryFullAttributesFile + B 77606033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtSetInformationFile + 6 7760667E 4 Bytes [28, 19, 04, 01] {SUB [ECX], BL; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtSetInformationFile + B 77606683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtSetInformationThread + 6 776066DE 4 Bytes [28, 1A, 04, 01] {SUB [EDX], BL; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtSetInformationThread + B 776066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtUnmapViewOfSection + 6 776069FE 4 Bytes [68, 1B, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtUnmapViewOfSection + B 77606A03 1 Byte [E2] .text C:\Program Files\Microsoft Office\Office15\MsoSync.exe[4076] USER32.dll!RegisterClipboardFormatA 7745C091 5 Bytes JMP 616FE26C C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text C:\Program Files\Microsoft Office\Office15\MsoSync.exe[4076] USER32.dll!RegisterClipboardFormatW 7745DF8D 5 Bytes JMP 616F99FF C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text C:\Program Files\Microsoft Office\Office15\MsoSync.exe[4076] USER32.dll!BeginPaint 77465D14 5 Bytes JMP 6170C8B4 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text C:\Program Files\Microsoft Office\Office15\MsoSync.exe[4076] USER32.dll!ValidateRect 7747F089 5 Bytes JMP 61881F12 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text C:\Program Files\Microsoft Office\Office15\MsoSync.exe[4076] ole32.dll!OleLoadFromStream 75FC6143 5 Bytes JMP 61E7DEBE C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text C:\Program Files\Microsoft Office\Office15\MsoSync.exe[4076] SHELL32.dll!SHParseDisplayName 76427EDB 5 Bytes JMP 617D54DC C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8512D1F8 Device \FileSystem\fastfat \FatCdrom 85482440 Device \Driver\usbohci \Device\USBPDO-0 863BB440 Device \Driver\usbohci \Device\USBPDO-1 863BB440 Device \Driver\usbehci \Device\USBPDO-2 86476440 Device \Driver\usbohci \Device\USBPDO-3 863BB440 Device \Driver\usbohci \Device\USBPDO-4 863BB440 Device \Driver\usbehci \Device\USBPDO-5 86476440 Device \Driver\usbohci \Device\USBPDO-6 863BB440 Device \Driver\cdrom \Device\CdRom0 860851F8 Device \Driver\atapi \Device\Ide\IdePort0 8512B1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-4 8512B1F8 Device \Driver\atapi \Device\Ide\IdePort1 8512B1F8 Device \Driver\atapi \Device\Ide\IdePort2 8512B1F8 Device \Driver\atapi \Device\Ide\IdePort3 8512B1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 8512B1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-6 8512B1F8 Device \FileSystem\fastfat \Fat 85482440 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8512b1f8]<< 8512b1f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85eeeac8] 85eeeac8 Trace 3 CLASSPNP.SYS[8b80459e] -> nt!IofCallDriver -> [0x85a64918] 85a64918 Trace 5 ACPI.sys[8b7033d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x85ef5340] 85ef5340 Trace \Driver\atapi[0x850fa6f0] -> IRP_MJ_CREATE -> 0x8512b1f8 8512b1f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@D5D0379A 135 ---- Files - GMER 2.1 ---- File C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0020ae 4206592 bytes File C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0020af 241664 bytes ---- EOF - GMER 2.1 ----