GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-03-03 11:06:31 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD3200AAKS-00VYA0 rev.12.01B02 298,09GB Running: ur2zp7uq.exe; Driver: C:\DOCUME~1\M\USTAWI~1\Temp\ugdcypow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xB46F2AC4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xB494A0BA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xB46F35A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xB47395A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xB46FF63C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xB46FF688] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xB46FF822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xB4738F54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xB46FF5AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xB46FF6CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xB46FF5F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xB46F3AD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xB46FF7DC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xB46F4390] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xB46F2B2A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xB4739C66] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xB4739F1C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xB46F7B86] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xB4739AD1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xB473993C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xB46F2716] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xB494A574] SSDT \SystemRoot\system32\drivers\aswSnx.sys 
ZwModifyBootEntry [0xB46F2B90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xB46F7F7C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xB46F4E78] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xB46FF666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xB46FF6AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xB46FF846] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xB47392B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xB46FF5D0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xB46F747E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xB46FF75A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xB46FF61A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xB46F786A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xB46FF800] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xB494A312] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xB47397B7] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xB46F4CEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xB4739609] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xB46F4842] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xB4958358] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xB4958CC4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xB4738597] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xB46F2BF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xB46F2C5C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xB46F420A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xB46F27B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xB46F2982] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xB4739D6D] SSDT \SystemRoot\system32\drivers\aswSnx.sys 
ZwShutdownSystem [0xB46F2910] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xB46F455A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xB46F46BC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xB46F2A0A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xB46F4048] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xB46F41EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xB46F2CC2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xB46F35FE] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [F6, 2B, 6F, B4, 5C, 2C, 6F, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [5A, 45, 6F, B4, BC, 46, 6F, ...] {POP EDX; INC EBP; OUTS DX, DWORD [ESI]; MOV AH, 0xbc; INC ESI; OUTS DX, DWORD [ESI]; MOV AH, 0xa; SUB CH, [EDI-0x4c]} PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL B46F5549 \SystemRoot\system32\drivers\aswSnx.sys .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB72EB3C0, 0x75D00A, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, AC, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, AF, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, AC, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenProcess + 6 
7C90D604 4 Bytes [A8, AD, 39, 00] {TEST AL, 0xad; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910FC6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, AE, 39, 00] {TEST AL, 0xae; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, AD, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, AE, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B911037 .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, AC, 39, 00] {TEST AL, 0xac; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B911165 .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte 
[E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, AD, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, AE, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, AF, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 006201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[156] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 006203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 50, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 53, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 50, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 51, 79, 00] {TEST AL, 0x51; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B914F6A .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 52, 79, 00] {TEST AL, 0x52; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 51, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 52, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B914FDB .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 50, 79, 00] {TEST AL, 0x50; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B915109 .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 51, 79, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 52, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 53, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, DC, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, DF, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, DC, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, DD, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9125F6 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, DE, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, DD, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, DE, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912667 .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, DC, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912795 .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, DD, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, DE, 
4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, DF, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[664] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007D03FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1012] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 48, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4B, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 48, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 49, 30, 00] {TEST AL, 0x49; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910662 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4A, 30, 00] {TEST AL, 0x4a; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 49, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4A, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9106D3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 48, 30, 00] {TEST AL, 0x48; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910801 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 49, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4A, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4B, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003F03FC .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2528] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 70, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 73, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 70, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 71, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] 
ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91258A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 72, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 71, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 72, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9125FB .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 70, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912729 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 71, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 72, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 73, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D0, 8A, 00] {SUB AL, DL; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, D3, 8A, 00] {SUB BL, DL; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D0, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D1, 8A, 00] {TEST AL, 0xd1; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9160EA .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] 
ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, D2, 8A, 00] {TEST AL, 0xd2; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D1, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, D2, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91615B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D0, 8A, 00] {TEST AL, 0xd0; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916289 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D1, 8A, 00] {SUB CL, DL; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] 
ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, D2, 8A, 00] {SUB DL, DL; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, D3, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2724] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00B803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 80, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 83, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 80, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 81, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED9A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 82, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 81, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 82, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EE0B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 80, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EF39 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 81, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 82, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtSetInformationThread 
+ B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 83, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 6C, C8, 00] {SUB [EAX+ECX*8+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6F, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 6C, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 6D, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919E86 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6E, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessTokenEx 
+ B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 6D, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6E, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B919EF7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 6C, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A025 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 6D, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6E, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6F, C8, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00F601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00F603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, BC, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, BF, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, BC, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, BD, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919ED6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, BE, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, BD, C8, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, BE, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B919F47 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, BC, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A075 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, BD, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, BE, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, BF, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!LdrLoadDll 7C91632D 5 
Bytes JMP 00F601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00F603FC .text C:\Program Files\CCleaner\CCleaner.exe[3456] USER32.dll!SetScrollInfo 7E369056 5 Bytes JMP 00505F4C C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3456] USER32.dll!GetScrollInfo 7E37DFE2 5 Bytes JMP 00505EA8 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3456] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 00505EDB C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3456] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 00505E83 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3456] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 00505E26 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3456] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 00505E4B C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3456] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 00505F15 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3456] USER32.dll!EnableScrollBar 7E3B8005 5 Bytes JMP 00505F80 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 9C, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9F, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 9C, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] 
ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 9D, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9104B6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9E, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 9D, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9E, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910527 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 9C, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910655 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 9D, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9E, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9F, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 006A01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 006A03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B8, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, BB, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B8, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B9, 22, 00] {TEST AL, 0xb9; AND 
AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F8D2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, BA, 22, 00] {TEST AL, 0xba; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B9, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, BA, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F943 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B8, 22, 00] {TEST AL, 0xb8; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90FA71 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B9, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, BA, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, BB, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 005E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes CALL 5F8FD11B .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, EB, 62, 00] {SUB BL, CH; BOUND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] 
ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes CALL 5F8FD60B .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes JMP 5F8FD66B .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B913902 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes JMP E2FF0062 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes JMP 5F8FD6CB .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes JMP E2FF0062 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B913973 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes CALL 5F8FD77B .text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtQueryAttributesFile + 
B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913AA1
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes JMP 5F8FDCCB
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes JMP E2FF0062
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, EB, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009001F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009003FC
---- User IAT/EAT - GMER 2.1 ----
IAT C:\WINDOWS\system32\services.exe[592] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[592] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Tcpip \Device\Ip {7a11bc7a-fa65-4d5a-ade4-5a0d20eea01d}t.sys
AttachedDevice \Driver\Tcpip \Device\Tcp {7a11bc7a-fa65-4d5a-ade4-5a0d20eea01d}t.sys
AttachedDevice \Driver\Tcpip \Device\Udp {7a11bc7a-fa65-4d5a-ade4-5a0d20eea01d}t.sys
AttachedDevice \Driver\Tcpip \Device\RawIp {7a11bc7a-fa65-4d5a-ade4-5a0d20eea01d}t.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
---- EOF - GMER 2.1 ----