GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-06-30 22:53:19 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925031 rev.0001 232,89GB Running: rriiu1pj.exe; Driver: C:\Users\Pamela\AppData\Local\Temp\fwrdipob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8C02BACC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x8C0E831C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8C02C5AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8C03867A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8C0386C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8C038860] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8C0385E8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8C0E86F6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8C038630] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8C0E8986] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8C0E8A70] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8C03881A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8C02D398] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8C02BB32] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0x8C0E8B74] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x8C0E83F4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0x8C0E578E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8C0E87D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8C02BB98] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8C030FE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8C02DEDC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8C0386A4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8C0386E8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8C038884] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8C03860E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8C0304E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8C038798] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8C038658] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8C0308CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8C03883E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8C0E8574] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8C02DCF4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8C02DA02] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8C02BBFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8C02BC64] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8C0E88D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8C02B7B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8C02B98A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8C02B918] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8C02D562] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8C02D6C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8C02BA12] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8C0E8642] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8C02D1F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x8C0E57BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8C02BCCA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8C0E84A6] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRequestWaitReplyPort + 14B9 82C45A15 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C65C62 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 1393 82C6D0D8 4 Bytes [CC, BA, 02, 8C] .text ntoskrnl.exe!KeRemoveQueueEx + 13BB 82C6D100 4 Bytes [1C, 83, 0E, 8C] .text ntoskrnl.exe!KeRemoveQueueEx + 141B 82C6D160 4 Bytes [AA, C5, 02, 8C] .text ntoskrnl.exe!KeRemoveQueueEx + 146F 82C6D1B4 8 Bytes [7A, 86, 03, 8C, C6, 86, 03, ...] .text ntoskrnl.exe!KeRemoveQueueEx + 147B 82C6D1C0 4 Bytes [60, 88, 03, 8C] .text ... ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtCreateFile + 6 779F55BE 4 Bytes [28, AC, 10, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtCreateFile + B 779F55C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtMapViewOfSection + 6 779F5C1E 4 Bytes [28, AF, 10, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtMapViewOfSection + B 779F5C23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenFile + 6 779F5CCE 4 Bytes [68, AC, 10, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenFile + B 779F5CD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenProcess + 6 779F5D7E 4 Bytes [A8, AD, 10, 00] {TEST AL, 0xad; ADC [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenProcess + B 779F5D83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenProcessToken + B 779F5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenProcessTokenEx + 6 779F5D9E 4 Bytes [A8, AE, 10, 00] {TEST AL, 0xae; ADC [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenProcessTokenEx + B 779F5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenThread + 6 779F5DFE 4 Bytes [68, AD, 10, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenThread + B 779F5E03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenThreadToken + 6 779F5E0E 4 Bytes [68, AE, 10, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenThreadToken + B 779F5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtOpenThreadTokenEx + B 779F5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtQueryAttributesFile + 6 779F5F2E 4 Bytes [A8, AC, 10, 00] {TEST AL, 0xac; ADC [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtQueryAttributesFile + B 779F5F33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtQueryFullAttributesFile + B 779F5FE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtSetInformationFile + 6 779F662E 4 Bytes [28, AD, 10, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtSetInformationFile + B 779F6633 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtSetInformationThread + 6 779F668E 4 Bytes [28, AE, 10, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtSetInformationThread + B 779F6693 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtUnmapViewOfSection + 6 779F69AE 4 Bytes [68, AF, 10, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!NtUnmapViewOfSection + B 779F69B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!LdrUnloadDll 77A0CAC6 5 Bytes JMP 001603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[552] ntdll.dll!LdrLoadDll 77A1245E 5 Bytes JMP 001601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtCreateFile + 6 779F55BE 4 Bytes [28, B0, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtCreateFile + B 779F55C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtMapViewOfSection + 6 779F5C1E 4 Bytes [28, B3, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtMapViewOfSection + B 779F5C23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtOpenFile + 6 779F5CCE 4 Bytes [68, B0, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtOpenFile + B 779F5CD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtOpenProcess + 6 779F5D7E 4 Bytes [A8, B1, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtOpenProcess + B 779F5D83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtOpenProcessToken + 6 779F5D8E 4 Bytes CALL 76A04C44 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtOpenProcessToken + B 779F5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtOpenProcessTokenEx + 6 779F5D9E 4 Bytes [A8, B2, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtOpenProcessTokenEx + B 779F5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtOpenThread + 6 779F5DFE 4 Bytes [68, B1, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtOpenThread + B 779F5E03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtOpenThreadToken + 6 779F5E0E 4 Bytes [68, B2, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtOpenThreadToken + B 779F5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtOpenThreadTokenEx + 6 779F5E1E 4 Bytes CALL 76A04CD5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtOpenThreadTokenEx + B 779F5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtQueryAttributesFile + 6 779F5F2E 4 Bytes [A8, B0, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtQueryAttributesFile + B 779F5F33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtQueryFullAttributesFile + 6 779F5FDE 4 Bytes CALL 76A04E93 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtQueryFullAttributesFile + B 779F5FE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtSetInformationFile + 6 779F662E 4 Bytes [28, B1, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtSetInformationFile + B 779F6633 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtSetInformationThread + 6 779F668E 4 Bytes [28, B2, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtSetInformationThread + B 779F6693 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtUnmapViewOfSection + 6 779F69AE 4 Bytes [68, B3, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!NtUnmapViewOfSection + B 779F69B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!LdrUnloadDll 77A0CAC6 5 Bytes JMP 00FB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1116] ntdll.dll!LdrLoadDll 77A1245E 5 Bytes JMP 00FB01F8 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1336] kernel32.dll!SetUnhandledExceptionFilter 75EFF5FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1516] ntdll.dll!NtMapViewOfSection + 6 779F5C1E 4 Bytes [18, 20, 85, 68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1516] ntdll.dll!NtMapViewOfSection + B 779F5C23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1516] ntdll.dll!LdrUnloadDll 77A0CAC6 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1516] ntdll.dll!LdrLoadDll 77A1245E 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtCreateFile + 6 779F55BE 4 Bytes [28, A4, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtCreateFile + B 779F55C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtMapViewOfSection + 6 779F5C1E 4 Bytes [28, A7, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtMapViewOfSection + B 779F5C23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenFile + 6 779F5CCE 4 Bytes [68, A4, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenFile + B 779F5CD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcess + 6 779F5D7E 4 Bytes [A8, A5, 1C, 00] {TEST AL, 0xa5; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcess + B 779F5D83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcessToken + B 779F5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcessTokenEx + 6 779F5D9E 4 Bytes [A8, A6, 1C, 00] {TEST AL, 0xa6; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcessTokenEx + B 779F5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThread + 6 779F5DFE 4 Bytes [68, A5, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThread + B 779F5E03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThreadToken + 6 779F5E0E 4 Bytes [68, A6, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThreadToken + B 779F5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThreadTokenEx + B 779F5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtQueryAttributesFile + 6 779F5F2E 4 Bytes [A8, A4, 1C, 00] {TEST AL, 0xa4; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtQueryAttributesFile + B 779F5F33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtQueryFullAttributesFile + B 779F5FE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationFile + 6 779F662E 4 Bytes [28, A5, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationFile + B 779F6633 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationThread + 6 779F668E 4 Bytes [28, A6, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationThread + B 779F6693 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtUnmapViewOfSection + 6 779F69AE 4 Bytes [68, A7, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtUnmapViewOfSection + B 779F69B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!LdrUnloadDll 77A0CAC6 5 Bytes JMP 002803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!LdrLoadDll 77A1245E 5 Bytes JMP 002801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtCreateFile + 6 779F55BE 4 Bytes [28, 64, DD, 00] {SUB [EBP+EBX*8+0x0], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtCreateFile + B 779F55C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtMapViewOfSection + 6 779F5C1E 4 Bytes [28, 67, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtMapViewOfSection + B 779F5C23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenFile + 6 779F5CCE 4 Bytes [68, 64, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenFile + B 779F5CD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenProcess + 6 779F5D7E 4 Bytes [A8, 65, DD, 00] {TEST AL, 0x65; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenProcess + B 779F5D83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenProcessToken + 6 779F5D8E 4 Bytes CALL 76A03AF8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenProcessToken + B 779F5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenProcessTokenEx + 6 779F5D9E 4 Bytes [A8, 66, DD, 00] {TEST AL, 0x66; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenProcessTokenEx + B 779F5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenThread + 6 779F5DFE 4 Bytes [68, 65, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenThread + B 779F5E03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenThreadToken + 6 779F5E0E 4 Bytes [68, 66, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenThreadToken + B 779F5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenThreadTokenEx + 6 779F5E1E 4 Bytes CALL 76A03B89 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenThreadTokenEx + B 779F5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtQueryAttributesFile + 6 779F5F2E 4 Bytes [A8, 64, DD, 00] {TEST AL, 0x64; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtQueryAttributesFile + B 779F5F33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtQueryFullAttributesFile + 6 779F5FDE 4 Bytes CALL 76A03D47 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtQueryFullAttributesFile + B 779F5FE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtSetInformationFile + 6 779F662E 4 Bytes [28, 65, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtSetInformationFile + B 779F6633 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtSetInformationThread + 6 779F668E 4 Bytes [28, 66, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtSetInformationThread + B 779F6693 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtUnmapViewOfSection + 6 779F69AE 4 Bytes [68, 67, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtUnmapViewOfSection + B 779F69B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!LdrUnloadDll 77A0CAC6 5 Bytes JMP 00E703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!LdrLoadDll 77A1245E 5 Bytes JMP 00E701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtCreateFile + 6 779F55BE 4 Bytes [28, BC, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtCreateFile + B 779F55C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + 6 779F5C1E 4 Bytes [28, BF, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + B 779F5C23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenFile + 6 779F5CCE 4 Bytes [68, BC, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenFile + B 779F5CD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcess + 6 779F5D7E 4 Bytes [A8, BD, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcess + B 779F5D83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessToken + 6 779F5D8E 4 Bytes CALL 76A02450 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessToken + B 779F5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessTokenEx + 6 779F5D9E 4 Bytes [A8, BE, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessTokenEx + B 779F5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThread + 6 779F5DFE 4 Bytes [68, BD, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThread + B 779F5E03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadToken + 6 779F5E0E 4 Bytes [68, BE, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadToken + B 779F5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadTokenEx + 6 779F5E1E 4 Bytes CALL 76A024E1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadTokenEx + B 779F5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryAttributesFile + 6 779F5F2E 4 Bytes [A8, BC, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryAttributesFile + B 779F5F33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryFullAttributesFile + 6 779F5FDE 4 Bytes CALL 76A0269F .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryFullAttributesFile + B 779F5FE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationFile + 6 779F662E 4 Bytes [28, BD, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationFile + B 779F6633 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationThread + 6 779F668E 4 Bytes [28, BE, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationThread + B 779F6693 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + 6 779F69AE 4 Bytes [68, BF, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + B 779F69B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!LdrUnloadDll 77A0CAC6 5 Bytes JMP 00D303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!LdrLoadDll 77A1245E 5 Bytes JMP 00D301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtCreateFile + 6 779F55BE 4 Bytes [28, 10, 3C, 00] {SUB [EAX], DL; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtCreateFile + B 779F55C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtMapViewOfSection + 6 779F5C1E 4 Bytes [28, 13, 3C, 00] {SUB [EBX], DL; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtMapViewOfSection + B 779F5C23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenFile + 6 779F5CCE 4 Bytes [68, 10, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenFile + B 779F5CD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcess + 6 779F5D7E 4 Bytes [A8, 11, 3C, 00] {TEST AL, 0x11; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcess + B 779F5D83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessToken + B 779F5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessTokenEx + 6 779F5D9E 4 Bytes [A8, 12, 3C, 00] {TEST AL, 0x12; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessTokenEx + B 779F5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThread + 6 779F5DFE 4 Bytes [68, 11, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThread + B 779F5E03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadToken + 6 779F5E0E 4 Bytes [68, 12, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadToken + B 779F5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadTokenEx + B 779F5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryAttributesFile + 6 779F5F2E 4 Bytes [A8, 10, 3C, 00] {TEST AL, 0x10; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryAttributesFile + B 779F5F33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryFullAttributesFile + B 779F5FE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationFile + 6 779F662E 4 Bytes [28, 11, 3C, 00] {SUB [ECX], DL; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationFile + B 779F6633 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationThread + 6 779F668E 4 Bytes [28, 12, 3C, 00] {SUB [EDX], DL; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationThread + B 779F6693 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtUnmapViewOfSection + 6 779F69AE 4 Bytes [68, 13, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtUnmapViewOfSection + B 779F69B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!LdrUnloadDll 77A0CAC6 5 Bytes JMP 004203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!LdrLoadDll 77A1245E 5 Bytes JMP 004201F8 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3380] kernel32.dll!SetUnhandledExceptionFilter 75EFF5FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] ntdll.dll!NtCreateFile 779F55B8 5 Bytes JMP 64936E2C C:\Users\Pamela\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] ntdll.dll!NtFlushBuffersFile 779F5948 5 Bytes JMP 64936CC7 C:\Users\Pamela\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] ntdll.dll!NtQueryFullAttributesFile 779F5FD8 5 Bytes JMP 64936EAD C:\Users\Pamela\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] ntdll.dll!NtReadFile 779F62A8 5 Bytes JMP 64936BA3 C:\Users\Pamela\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] ntdll.dll!NtReadFileScatter 779F62B8 5 Bytes JMP 64936BEC C:\Users\Pamela\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] ntdll.dll!NtWriteFile 779F6A58 2 Bytes JMP 64936C35 C:\Users\Pamela\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] ntdll.dll!NtWriteFile + 3 779F6A5B 2 Bytes [F4, EC] {HLT ; IN AL, DX} .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] ntdll.dll!NtWriteFileGather 779F6A68 5 Bytes JMP 64936C7E C:\Users\Pamela\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] ntdll.dll!LdrLoadDll 77A1245E 5 Bytes JMP 711D1F42 C:\Users\Pamela\AppData\Local\GG\Application\xulrunner\mozglue.dll .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75EF952E 1 Byte [E9] .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75EF952E 7 Bytes JMP 648FEEC3 C:\Users\Pamela\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] kernel32.dll!QueryPerformanceCounter + 13 75EFC535 7 Bytes JMP 648FEE7B C:\Users\Pamela\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] kernel32.dll!LoadAppInitDlls + 355 75EFF5F6 7 Bytes JMP 658DE562 C:\Users\Pamela\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] USER32.dll!GetWindowInfo 76514B5E 5 Bytes JMP 652B662C C:\Users\Pamela\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\Pamela\AppData\Local\GG\Application\ggapp.exe[3852] GDI32.dll!GetViewportOrgEx + 26C 764B884B 7 Bytes JMP 648FEEEA C:\Users\Pamela\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtCreateFile + 6 779F55BE 4 Bytes [28, BC, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtCreateFile + B 779F55C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtMapViewOfSection + 6 779F5C1E 4 Bytes [28, BF, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtMapViewOfSection + B 779F5C23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenFile + 6 779F5CCE 4 Bytes [68, BC, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenFile + B 779F5CD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcess + 6 779F5D7E 4 Bytes [A8, BD, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcess + B 779F5D83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcessToken + B 779F5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcessTokenEx + 6 779F5D9E 4 Bytes [A8, BE, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcessTokenEx + B 779F5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThread + 6 779F5DFE 4 Bytes [68, BD, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThread + B 779F5E03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThreadToken + 6 779F5E0E 4 Bytes [68, BE, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThreadToken + B 779F5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThreadTokenEx + B 779F5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtQueryAttributesFile + 6 779F5F2E 4 Bytes [A8, BC, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtQueryAttributesFile + B 779F5F33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtQueryFullAttributesFile + B 779F5FE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtSetInformationFile + 6 779F662E 4 Bytes [28, BD, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtSetInformationFile + B 779F6633 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtSetInformationThread + 6 779F668E 4 Bytes [28, BE, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtSetInformationThread + B 779F6693 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtUnmapViewOfSection + 6 779F69AE 4 Bytes [68, BF, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtUnmapViewOfSection + B 779F69B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!LdrUnloadDll 77A0CAC6 5 Bytes JMP 008F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!LdrLoadDll 77A1245E 5 Bytes JMP 008F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtCreateFile + 6 779F55BE 4 Bytes [28, 28, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtCreateFile + B 779F55C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtMapViewOfSection + 6 779F5C1E 4 Bytes [28, 2B, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtMapViewOfSection + B 779F5C23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenFile + 6 779F5CCE 4 Bytes [68, 28, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenFile + B 779F5CD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcess + 6 779F5D7E 4 Bytes [A8, 29, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcess + B 779F5D83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcessToken + B 779F5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcessTokenEx + 6 779F5D9E 4 Bytes [A8, 2A, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcessTokenEx + B 779F5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThread + 6 779F5DFE 4 Bytes [68, 29, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThread + B 779F5E03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThreadToken + 6 779F5E0E 4 Bytes [68, 2A, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThreadToken + B 779F5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThreadTokenEx + B 779F5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtQueryAttributesFile + 6 779F5F2E 4 Bytes [A8, 28, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtQueryAttributesFile + B 779F5F33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtQueryFullAttributesFile + B 779F5FE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtSetInformationFile + 6 779F662E 4 Bytes [28, 29, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtSetInformationFile + B 779F6633 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtSetInformationThread + 6 779F668E 4 Bytes [28, 2A, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtSetInformationThread + B 779F6693 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtUnmapViewOfSection + 6 779F69AE 4 Bytes [68, 2B, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtUnmapViewOfSection + B 779F69B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!LdrUnloadDll 77A0CAC6 5 Bytes JMP 005603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!LdrLoadDll 77A1245E 5 Bytes JMP 005601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtCreateFile + 6 779F55BE 4 Bytes [28, 34, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtCreateFile + B 779F55C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtMapViewOfSection + 6 779F5C1E 4 Bytes [28, 37, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtMapViewOfSection + B 779F5C23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtOpenFile + 6 779F5CCE 4 Bytes [68, 34, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtOpenFile + B 779F5CD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtOpenProcess + 6 779F5D7E 4 Bytes [A8, 35, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtOpenProcess + B 779F5D83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtOpenProcessToken + B 779F5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtOpenProcessTokenEx + 6 779F5D9E 4 Bytes [A8, 36, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtOpenProcessTokenEx + B 779F5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtOpenThread + 6 779F5DFE 4 Bytes [68, 35, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtOpenThread + B 779F5E03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtOpenThreadToken + 6 779F5E0E 4 Bytes [68, 36, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtOpenThreadToken + B 779F5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtOpenThreadTokenEx + B 779F5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtQueryAttributesFile + 6 779F5F2E 4 Bytes [A8, 34, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtQueryAttributesFile + B 779F5F33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtQueryFullAttributesFile + B 779F5FE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtSetInformationFile + 6 779F662E 4 Bytes [28, 35, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtSetInformationFile + B 779F6633 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtSetInformationThread + 6 779F668E 4 Bytes [28, 36, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtSetInformationThread + B 779F6693 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtUnmapViewOfSection + 6 779F69AE 4 Bytes [68, 37, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!NtUnmapViewOfSection + B 779F69B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!LdrUnloadDll 77A0CAC6 5 Bytes JMP 009B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!LdrLoadDll 77A1245E 5 Bytes JMP 009B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtCreateFile + 6 779F55BE 4 Bytes [28, 78, EB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtCreateFile + B 779F55C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtMapViewOfSection + 6 779F5C1E 4 Bytes [28, 7B, EB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtMapViewOfSection + B 779F5C23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenFile + 6 779F5CCE 4 Bytes [68, 78, EB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenFile + B 779F5CD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcess + 6 779F5D7E 4 Bytes [A8, 79, EB, 00] {TEST AL, 0x79; JMP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcess + B 779F5D83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcessToken + 6 779F5D8E 4 Bytes CALL 76A0490C .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcessToken + B 779F5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcessTokenEx + 6 779F5D9E 4 Bytes [A8, 7A, EB, 00] {TEST AL, 0x7a; JMP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcessTokenEx + B 779F5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThread + 6 779F5DFE 4 Bytes [68, 79, EB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThread + B 779F5E03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThreadToken + 6 779F5E0E 4 Bytes [68, 7A, EB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThreadToken + B 779F5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThreadTokenEx + 6 779F5E1E 4 Bytes CALL 76A0499D .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThreadTokenEx + B 779F5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtQueryAttributesFile + 6 779F5F2E 4 Bytes [A8, 78, EB, 00] {TEST AL, 0x78; JMP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtQueryAttributesFile + B 779F5F33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtQueryFullAttributesFile + 6 779F5FDE 4 Bytes CALL 76A04B5B .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtQueryFullAttributesFile + B 779F5FE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationFile + 6 779F662E 4 Bytes [28, 79, EB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationFile + B 779F6633 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationThread + 6 779F668E 4 Bytes [28, 7A, EB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationThread + B 779F6693 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtUnmapViewOfSection + 6 779F69AE 4 Bytes [68, 7B, EB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtUnmapViewOfSection + B 779F69B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!LdrUnloadDll 77A0CAC6 5 Bytes JMP 010803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!LdrLoadDll 77A1245E 5 Bytes JMP 010801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtCreateFile + 6 779F55BE 4 Bytes [28, A8, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtCreateFile + B 779F55C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtMapViewOfSection + 6 779F5C1E 4 Bytes [28, AB, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtMapViewOfSection + B 779F5C23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtOpenFile + 6 779F5CCE 4 Bytes [68, A8, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtOpenFile + B 779F5CD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtOpenProcess + 6 779F5D7E 4 Bytes [A8, A9, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtOpenProcess + B 779F5D83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtOpenProcessToken + 6 779F5D8E 4 Bytes CALL 76A0293C .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtOpenProcessToken + B 779F5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtOpenProcessTokenEx + 6 779F5D9E 4 Bytes [A8, AA, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtOpenProcessTokenEx + B 779F5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtOpenThread + 6 779F5DFE 4 Bytes [68, A9, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtOpenThread + B 779F5E03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtOpenThreadToken + 6 779F5E0E 4 Bytes [68, AA, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtOpenThreadToken + B 779F5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtOpenThreadTokenEx + 6 779F5E1E 4 Bytes CALL 76A029CD .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtOpenThreadTokenEx + B 779F5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtQueryAttributesFile + 6 779F5F2E 4 Bytes [A8, A8, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtQueryAttributesFile + B 779F5F33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtQueryFullAttributesFile + 6 779F5FDE 4 Bytes CALL 76A02B8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtQueryFullAttributesFile + B 779F5FE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtSetInformationFile + 6 779F662E 4 Bytes [28, A9, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtSetInformationFile + B 779F6633 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtSetInformationThread + 6 779F668E 4 Bytes [28, AA, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtSetInformationThread + B 779F6693 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtUnmapViewOfSection + 6 779F69AE 4 Bytes [68, AB, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtUnmapViewOfSection + B 779F69B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!LdrUnloadDll 77A0CAC6 5 Bytes JMP 00D803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!LdrLoadDll 77A1245E 5 Bytes JMP 00D801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtCreateFile + 6 779F55BE 4 Bytes [28, 5C, 8F, 00] {SUB [EDI+ECX*4+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtCreateFile + B 779F55C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtMapViewOfSection + 6 779F5C1E 4 Bytes [28, 5F, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtMapViewOfSection + B 779F5C23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenFile + 6 779F5CCE 4 Bytes [68, 5C, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenFile + B 779F5CD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcess + 6 779F5D7E 4 Bytes [A8, 5D, 8F, 00] {TEST AL, 0x5d; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcess + B 779F5D83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcessToken + B 779F5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcessTokenEx + 6 779F5D9E 4 Bytes [A8, 5E, 8F, 00] {TEST AL, 0x5e; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcessTokenEx + B 779F5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThread + 6 779F5DFE 4 Bytes [68, 5D, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThread + B 779F5E03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThreadToken + 6 779F5E0E 4 Bytes [68, 5E, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThreadToken + B 779F5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThreadTokenEx + B 779F5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtQueryAttributesFile + 6 779F5F2E 4 Bytes [A8, 5C, 8F, 00] {TEST AL, 0x5c; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtQueryAttributesFile + B 779F5F33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtQueryFullAttributesFile + B 779F5FE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationFile + 6 779F662E 4 Bytes [28, 5D, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationFile + B 779F6633 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationThread + 6 779F668E 4 Bytes [28, 5E, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationThread + B 779F6693 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtUnmapViewOfSection + 6 779F69AE 4 Bytes [68, 5F, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtUnmapViewOfSection + B 779F69B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!LdrUnloadDll 77A0CAC6 5 Bytes JMP 009503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!LdrLoadDll 77A1245E 5 Bytes JMP 009501F8 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Threads - GMER 2.1 ---- Thread System [4:920] 9824EF2E ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{8C9B1447-CDAC-11E4-A84A-806E6F6E6963} 1619087360 ---- EOF - GMER 2.1 ----