GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-29 13:12:15 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB Running: f7pe1ges.exe; Driver: C:\Users\Komp\AppData\Local\Temp\aftcaaoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x9232AACC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x8C79431C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x9232B5AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x9233767A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x923376C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x92337860] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x923375E8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8C7946F6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x92337630] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8C794986] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8C794A70] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x9233781A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x9232C398] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x9232AB32] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0x8C794B74] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x8C7943F4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0x8C79178E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8C7947D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x9232AB98] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x9232FFE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x9232CEDC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x923376A4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x923376E8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x92337884] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x9233760E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x9232F4E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x92337798] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x92337658] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x9232F8CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x9233783E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8C794574] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x9232CCF4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x9232CA02] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x9232ABFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x9232AC64] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8C7948D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x9232A7B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x9232A98A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x9232A918] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x9232C562] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x9232C6C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x9232AA12] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8C794642] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x9232C1F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x8C7917BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x9232ACCA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8C7944A6] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 82E75339 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EAED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82EB5DC0 4 Bytes [CC, AA, 32, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82EB5DE8 4 Bytes [1C, 43, 79, 8C] {SBB AL, 0x43; JNS 0xffffff90} .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82EB5E48 4 Bytes [AA, B5, 32, 92] {STOSB ; MOV CH, 0x32; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82EB5E9C 8 Bytes [7A, 76, 33, 92, C6, 76, 33, ...] {JP 0x78; XOR EDX, [EDX-0x6dcc893a]} .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82EB5EA8 4 Bytes [60, 78, 33, 92] {PUSHA ; JS 0x36; XCHG EDX, EAX} .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8307126D 4 Bytes CALL 9232D5C3 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8308B02C 4 Bytes CALL 9232D5D9 \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter 76CA3D01 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtCreateFile + 6 770555CE 4 Bytes [28, 94, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtCreateFile + B 770555D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtMapViewOfSection + 6 77055C2E 4 Bytes [28, 97, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtMapViewOfSection + B 77055C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenFile + 6 77055CDE 4 Bytes [68, 94, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenFile + B 77055CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcess + 6 77055D8E 4 Bytes [A8, 95, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcess + B 77055D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcessToken + B 77055DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcessTokenEx + 6 77055DAE 4 Bytes [A8, 96, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcessTokenEx + B 77055DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThread + 6 77055E0E 4 Bytes [68, 95, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThread + B 77055E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThreadToken + 6 77055E1E 4 Bytes [68, 96, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThreadToken + B 77055E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThreadTokenEx + B 77055E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtQueryAttributesFile + 6 77055F3E 4 Bytes [A8, 94, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtQueryAttributesFile + B 77055F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtQueryFullAttributesFile + B 77055FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtSetInformationFile + 6 7705663E 4 Bytes [28, 95, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtSetInformationFile + B 77056643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtSetInformationThread + 6 7705669E 4 Bytes [28, 96, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtSetInformationThread + B 770566A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtUnmapViewOfSection + 6 770569BE 4 Bytes [68, 97, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtUnmapViewOfSection + B 770569C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!LdrUnloadDll 7706C8DE 5 Bytes JMP 00CF03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!LdrLoadDll 770722B8 5 Bytes JMP 00CF01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtCreateFile + 6 770555CE 4 Bytes [28, E0, A8, 00] {SUB AL, AH; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtCreateFile + B 770555D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtMapViewOfSection + 6 77055C2E 4 Bytes [28, E3, A8, 00] {SUB BL, AH; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtMapViewOfSection + B 77055C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenFile + 6 77055CDE 4 Bytes [68, E0, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenFile + B 77055CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenProcess + 6 77055D8E 4 Bytes [A8, E1, A8, 00] {TEST AL, 0xe1; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenProcess + B 77055D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenProcessToken + B 77055DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenProcessTokenEx + 6 77055DAE 4 Bytes [A8, E2, A8, 00] {TEST AL, 0xe2; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenProcessTokenEx + B 77055DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenThread + 6 77055E0E 4 Bytes [68, E1, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenThread + B 77055E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenThreadToken + 6 77055E1E 4 Bytes [68, E2, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenThreadToken + B 77055E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenThreadTokenEx + B 77055E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtQueryAttributesFile + 6 77055F3E 4 Bytes [A8, E0, A8, 00] {TEST AL, 0xe0; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtQueryAttributesFile + B 77055F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtQueryFullAttributesFile + B 77055FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtSetInformationFile + 6 7705663E 4 Bytes [28, E1, A8, 00] {SUB CL, AH; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtSetInformationFile + B 77056643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtSetInformationThread + 6 7705669E 4 Bytes [28, E2, A8, 00] {SUB DL, AH; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtSetInformationThread + B 770566A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtUnmapViewOfSection + 6 770569BE 4 Bytes [68, E3, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtUnmapViewOfSection + B 770569C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!LdrUnloadDll 7706C8DE 5 Bytes JMP 00B503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!LdrLoadDll 770722B8 5 Bytes JMP 00B501F8 .text C:\Program Files\AVAST Software\Avast\avastui.exe[1956] kernel32.dll!SetUnhandledExceptionFilter 76CA3D01 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtCreateFile + 6 770555CE 4 Bytes CALL 5A0456C4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtCreateFile + B 770555D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtMapViewOfSection + 6 77055C2E 4 Bytes [28, EB, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtMapViewOfSection + B 77055C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenFile + 6 77055CDE 4 Bytes CALL 5A045DD4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenFile + B 77055CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenProcess + 6 77055D8E 4 Bytes JMP 5A045E84 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenProcess + B 77055D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenProcessToken + B 77055DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenProcessTokenEx + 6 77055DAE 4 Bytes JMP E2FF00F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenProcessTokenEx + B 77055DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenThread + 6 77055E0E 4 Bytes JMP 5A045F04 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenThread + B 77055E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenThreadToken + 6 77055E1E 4 Bytes JMP E2FF00F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenThreadToken + B 77055E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtOpenThreadTokenEx + B 77055E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtQueryAttributesFile + 6 77055F3E 4 Bytes CALL 5A046034 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtQueryAttributesFile + B 77055F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtQueryFullAttributesFile + B 77055FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtSetInformationFile + 6 7705663E 4 Bytes JMP 5A046734 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtSetInformationFile + B 77056643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtSetInformationThread + 6 7705669E 4 Bytes JMP E2FF00F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtSetInformationThread + B 770566A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtUnmapViewOfSection + 6 770569BE 4 Bytes [68, EB, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!NtUnmapViewOfSection + B 770569C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!LdrUnloadDll 7706C8DE 5 Bytes JMP 00F703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2604] ntdll.dll!LdrLoadDll 770722B8 5 Bytes JMP 00F701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtCreateFile + 6 770555CE 4 Bytes [28, 48, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtCreateFile + B 770555D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtMapViewOfSection + 6 77055C2E 4 Bytes [28, 4B, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtMapViewOfSection + B 77055C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenFile + 6 77055CDE 4 Bytes [68, 48, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenFile + B 77055CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcess + 6 77055D8E 4 Bytes [A8, 49, 88, 00] {TEST AL, 0x49; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcess + B 77055D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcessToken + B 77055DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcessTokenEx + 6 77055DAE 4 Bytes [A8, 4A, 88, 00] {TEST AL, 0x4a; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcessTokenEx + B 77055DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThread + 6 77055E0E 4 Bytes [68, 49, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThread + B 77055E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThreadToken + 6 77055E1E 4 Bytes [68, 4A, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThreadToken + B 77055E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThreadTokenEx + B 77055E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtQueryAttributesFile + 6 77055F3E 4 Bytes [A8, 48, 88, 00] {TEST AL, 0x48; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtQueryAttributesFile + B 77055F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtQueryFullAttributesFile + B 77055FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtSetInformationFile + 6 7705663E 4 Bytes [28, 49, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtSetInformationFile + B 77056643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtSetInformationThread + 6 7705669E 4 Bytes [28, 4A, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtSetInformationThread + B 770566A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtUnmapViewOfSection + 6 770569BE 4 Bytes [68, 4B, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtUnmapViewOfSection + B 770569C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!LdrUnloadDll 7706C8DE 5 Bytes JMP 009203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!LdrLoadDll 770722B8 5 Bytes JMP 009201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtCreateFile + 6 770555CE 4 Bytes [28, 60, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtCreateFile + B 770555D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtMapViewOfSection + 6 77055C2E 4 Bytes [28, 63, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtMapViewOfSection + B 77055C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenFile + 6 77055CDE 4 Bytes [68, 60, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenFile + B 77055CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcess + 6 77055D8E 4 Bytes [A8, 61, 04, 01] {TEST AL, 0x61; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcess + B 77055D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessToken + B 77055DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessTokenEx + 6 77055DAE 4 Bytes [A8, 62, 04, 01] {TEST AL, 0x62; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessTokenEx + B 77055DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThread + 6 77055E0E 4 Bytes [68, 61, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThread + B 77055E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadToken + 6 77055E1E 4 Bytes [68, 62, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadToken + B 77055E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadTokenEx + B 77055E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryAttributesFile + 6 77055F3E 4 Bytes [A8, 60, 04, 01] {TEST AL, 0x60; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryAttributesFile + B 77055F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryFullAttributesFile + B 77055FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationFile + 6 7705663E 4 Bytes [28, 61, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationFile + B 77056643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationThread + 6 7705669E 4 Bytes [28, 62, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationThread + B 770566A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtUnmapViewOfSection + 6 770569BE 4 Bytes [68, 63, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtUnmapViewOfSection + B 770569C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!LdrUnloadDll 7706C8DE 5 Bytes JMP 012103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!LdrLoadDll 770722B8 5 Bytes JMP 012101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtCreateFile + 6 770555CE 4 Bytes [28, A0, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtCreateFile + B 770555D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtMapViewOfSection + 6 77055C2E 4 Bytes [28, A3, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtMapViewOfSection + B 77055C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtOpenFile + 6 77055CDE 4 Bytes [68, A0, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtOpenFile + B 77055CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtOpenProcess + 6 77055D8E 4 Bytes [A8, A1, 2C, 00] {TEST AL, 0xa1; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtOpenProcess + B 77055D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtOpenProcessToken + B 77055DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtOpenProcessTokenEx + 6 77055DAE 4 Bytes [A8, A2, 2C, 00] {TEST AL, 0xa2; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtOpenProcessTokenEx + B 77055DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtOpenThread + 6 77055E0E 4 Bytes [68, A1, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtOpenThread + B 77055E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtOpenThreadToken + 6 77055E1E 4 Bytes [68, A2, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtOpenThreadToken + B 77055E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtOpenThreadTokenEx + B 77055E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtQueryAttributesFile + 6 77055F3E 4 Bytes [A8, A0, 2C, 00] {TEST AL, 0xa0; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtQueryAttributesFile + B 77055F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtQueryFullAttributesFile + B 77055FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtSetInformationFile + 6 7705663E 4 Bytes [28, A1, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtSetInformationFile + B 77056643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtSetInformationThread + 6 7705669E 4 Bytes [28, A2, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtSetInformationThread + B 770566A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtUnmapViewOfSection + 6 770569BE 4 Bytes [68, A3, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtUnmapViewOfSection + B 770569C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!LdrUnloadDll 7706C8DE 5 Bytes JMP 003203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!LdrLoadDll 770722B8 5 Bytes JMP 003201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtCreateFile + 6 770555CE 4 Bytes [28, 4C, 04, 01] {SUB [ESP+EAX+0x1], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtCreateFile + B 770555D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtMapViewOfSection + 6 77055C2E 4 Bytes [28, 4F, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtMapViewOfSection + B 77055C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenFile + 6 77055CDE 4 Bytes [68, 4C, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenFile + B 77055CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcess + 6 77055D8E 4 Bytes [A8, 4D, 04, 01] {TEST AL, 0x4d; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcess + B 77055D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcessToken + B 77055DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcessTokenEx + 6 77055DAE 4 Bytes [A8, 4E, 04, 01] {TEST AL, 0x4e; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcessTokenEx + B 77055DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThread + 6 77055E0E 4 Bytes [68, 4D, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThread + B 77055E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThreadToken + 6 77055E1E 4 Bytes [68, 4E, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThreadToken + B 77055E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThreadTokenEx + B 77055E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtQueryAttributesFile + 6 77055F3E 4 Bytes [A8, 4C, 04, 01] {TEST AL, 0x4c; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtQueryAttributesFile + B 77055F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtQueryFullAttributesFile + B 77055FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationFile + 6 7705663E 4 Bytes [28, 4D, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationFile + B 77056643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationThread + 6 7705669E 4 Bytes [28, 4E, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationThread + B 770566A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtUnmapViewOfSection + 6 770569BE 4 Bytes [68, 4F, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtUnmapViewOfSection + B 770569C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!LdrUnloadDll 7706C8DE 5 Bytes JMP 012103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!LdrLoadDll 770722B8 5 Bytes JMP 012101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtMapViewOfSection + 6 77055C2E 4 Bytes [18, 20, 9F, 65] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtMapViewOfSection + B 77055C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!LdrUnloadDll 7706C8DE 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!LdrLoadDll 770722B8 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtCreateFile + 6 770555CE 4 Bytes [28, BC, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtCreateFile + B 770555D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtMapViewOfSection + 6 77055C2E 4 Bytes [28, BF, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtMapViewOfSection + B 77055C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenFile + 6 77055CDE 4 Bytes [68, BC, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenFile + B 77055CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcess + 6 77055D8E 4 Bytes [A8, BD, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcess + B 77055D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcessToken + B 77055DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcessTokenEx + 6 77055DAE 4 Bytes [A8, BE, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcessTokenEx + B 77055DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThread + 6 77055E0E 4 Bytes [68, BD, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThread + B 77055E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThreadToken + 6 77055E1E 4 Bytes [68, BE, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThreadToken + B 77055E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThreadTokenEx + B 77055E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtQueryAttributesFile + 6 77055F3E 4 Bytes [A8, BC, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtQueryAttributesFile + B 77055F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtQueryFullAttributesFile + B 77055FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtSetInformationFile + 6 7705663E 4 Bytes [28, BD, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtSetInformationFile + B 77056643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtSetInformationThread + 6 7705669E 4 Bytes [28, BE, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtSetInformationThread + B 770566A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtUnmapViewOfSection + 6 770569BE 4 Bytes [68, BF, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtUnmapViewOfSection + B 770569C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!LdrUnloadDll 7706C8DE 5 Bytes JMP 00DE03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!LdrLoadDll 770722B8 5 Bytes JMP 00DE01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtCreateFile + 6 770555CE 4 Bytes [28, 38, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtCreateFile + B 770555D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtMapViewOfSection + 6 77055C2E 4 Bytes [28, 3B, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtMapViewOfSection + B 77055C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtOpenFile + 6 77055CDE 4 Bytes [68, 38, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtOpenFile + B 77055CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtOpenProcess + 6 77055D8E 4 Bytes [A8, 39, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtOpenProcess + B 77055D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtOpenProcessToken + B 77055DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtOpenProcessTokenEx + 6 77055DAE 4 Bytes [A8, 3A, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtOpenProcessTokenEx + B 77055DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtOpenThread + 6 77055E0E 4 Bytes [68, 39, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtOpenThread + B 77055E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtOpenThreadToken + 6 77055E1E 4 Bytes [68, 3A, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtOpenThreadToken + B 77055E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtOpenThreadTokenEx + B 77055E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtQueryAttributesFile + 6 77055F3E 4 Bytes [A8, 38, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtQueryAttributesFile + B 77055F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtQueryFullAttributesFile + B 77055FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtSetInformationFile + 6 7705663E 4 Bytes [28, 39, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtSetInformationFile + B 77056643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtSetInformationThread + 6 7705669E 4 Bytes [28, 3A, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtSetInformationThread + B 770566A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtUnmapViewOfSection + 6 770569BE 4 Bytes [68, 3B, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!NtUnmapViewOfSection + B 770569C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!LdrUnloadDll 7706C8DE 5 Bytes JMP 00B503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4904] ntdll.dll!LdrLoadDll 770722B8 5 Bytes JMP 00B501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtCreateFile + 6 770555CE 4 Bytes [28, C8, 85, 00] {SUB AL, CL; TEST [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtCreateFile + B 770555D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtMapViewOfSection + 6 77055C2E 4 Bytes [28, CB, 85, 00] {SUB BL, CL; TEST [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtMapViewOfSection + B 77055C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtOpenFile + 6 77055CDE 4 Bytes [68, C8, 85, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtOpenFile + B 77055CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtOpenProcess + 6 77055D8E 4 Bytes [A8, C9, 85, 00] {TEST AL, 0xc9; TEST [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtOpenProcess + B 77055D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtOpenProcessToken + B 77055DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtOpenProcessTokenEx + 6 77055DAE 4 Bytes [A8, CA, 85, 00] {TEST AL, 0xca; TEST [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtOpenProcessTokenEx + B 77055DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtOpenThread + 6 77055E0E 4 Bytes [68, C9, 85, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtOpenThread + B 77055E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtOpenThreadToken + 6 77055E1E 4 Bytes [68, CA, 85, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtOpenThreadToken + B 77055E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtOpenThreadTokenEx + B 77055E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtQueryAttributesFile + 6 77055F3E 4 Bytes [A8, C8, 85, 00] {TEST AL, 0xc8; TEST [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtQueryAttributesFile + B 77055F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtQueryFullAttributesFile + B 77055FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtSetInformationFile + 6 7705663E 4 Bytes [28, C9, 85, 00] {SUB CL, CL; TEST [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtSetInformationFile + B 77056643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtSetInformationThread + 6 7705669E 4 Bytes [28, CA, 85, 00] {SUB DL, CL; TEST [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtSetInformationThread + B 770566A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtUnmapViewOfSection + 6 770569BE 4 Bytes [68, CB, 85, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!NtUnmapViewOfSection + B 770569C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!LdrUnloadDll 7706C8DE 5 Bytes JMP 009603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5016] ntdll.dll!LdrLoadDll 770722B8 5 Bytes JMP 009601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtCreateFile + 6 770555CE 4 Bytes [28, 44, CB, 00] {SUB [EBX+ECX*8+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtCreateFile + B 770555D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtMapViewOfSection + 6 77055C2E 4 Bytes [28, 47, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtMapViewOfSection + B 77055C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenFile + 6 77055CDE 4 Bytes [68, 44, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenFile + B 77055CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcess + 6 77055D8E 4 Bytes [A8, 45, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcess + B 77055D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcessToken + B 77055DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcessTokenEx + 6 77055DAE 4 Bytes [A8, 46, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcessTokenEx + B 77055DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThread + 6 77055E0E 4 Bytes [68, 45, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThread + B 77055E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThreadToken + 6 77055E1E 4 Bytes [68, 46, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThreadToken + B 77055E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThreadTokenEx + B 77055E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtQueryAttributesFile + 6 77055F3E 4 Bytes [A8, 44, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtQueryAttributesFile + B 77055F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtQueryFullAttributesFile + B 77055FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtSetInformationFile + 6 7705663E 4 Bytes [28, 45, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtSetInformationFile + B 77056643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtSetInformationThread + 6 7705669E 4 Bytes [28, 46, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtSetInformationThread + B 770566A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtUnmapViewOfSection + 6 770569BE 4 Bytes [68, 47, CB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtUnmapViewOfSection + B 770569C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!LdrUnloadDll 7706C8DE 5 Bytes JMP 00D803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!LdrLoadDll 770722B8 5 Bytes JMP 00D801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtCreateFile + 6 770555CE 4 Bytes [28, B4, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtCreateFile + B 770555D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtMapViewOfSection + 6 77055C2E 4 Bytes [28, B7, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtMapViewOfSection + B 77055C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtOpenFile + 6 77055CDE 4 Bytes [68, B4, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtOpenFile + B 77055CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtOpenProcess + 6 77055D8E 4 Bytes [A8, B5, D2, 00] {TEST AL, 0xb5; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtOpenProcess + B 77055D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtOpenProcessToken + B 77055DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtOpenProcessTokenEx + 6 77055DAE 4 Bytes [A8, B6, D2, 00] {TEST AL, 0xb6; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtOpenProcessTokenEx + B 77055DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtOpenThread + 6 77055E0E 4 Bytes [68, B5, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtOpenThread + B 77055E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtOpenThreadToken + 6 77055E1E 4 Bytes [68, B6, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtOpenThreadToken + B 77055E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtOpenThreadTokenEx + B 77055E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtQueryAttributesFile + 6 77055F3E 4 Bytes [A8, B4, D2, 00] {TEST AL, 0xb4; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtQueryAttributesFile + B 77055F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtQueryFullAttributesFile + B 77055FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtSetInformationFile + 6 7705663E 4 Bytes [28, B5, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtSetInformationFile + B 77056643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtSetInformationThread + 6 7705669E 4 Bytes [28, B6, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtSetInformationThread + B 770566A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtUnmapViewOfSection + 6 770569BE 4 Bytes [68, B7, D2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!NtUnmapViewOfSection + B 770569C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!LdrUnloadDll 7706C8DE 5 Bytes JMP 00DF03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[6116] ntdll.dll!LdrLoadDll 770722B8 5 Bytes JMP 00DF01F8 ---- Devices - GMER 2.1 ---- Device \Driver\BTHUSB \Device\00000081 bthport.sys Device \Driver\BTHUSB \Device\00000083 bthport.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4BC9500D-2817-44CE-A22F-596FFB291435}\Connection@Name isatap.{A64EE00B-C0C5-41AF-8963-08C8AFC3EDA9} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{A9B32DEF-8AE5-444E-9DE5-9EEB76389229}\Connection@Name isatap.{C8FFD2EA-F808-4DCE-AA89-993839A0BF58} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{4BC9500D-2817-44CE-A22F-596FFB291435}?\Device\{A9B32DEF-8AE5-444E-9DE5-9EEB76389229}?\Device\{2F742435-FB49-4C52-8A89-B6613BB1D178}?\Device\{BD55D8D7-93C8-4BF6-B3D6-77EF466E9336}?\Device\{651CB0A4-4587-4FE7-A08A-FF207EF2D024}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{4BC9500D-2817-44CE-A22F-596FFB291435}"?"{A9B32DEF-8AE5-444E-9DE5-9EEB76389229}"?"{2F742435-FB49-4C52-8A89-B6613BB1D178}"?"{BD55D8D7-93C8-4BF6-B3D6-77EF466E9336}"?"{651CB0A4-4587-4FE7-A08A-FF207EF2D024}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{4BC9500D-2817-44CE-A22F-596FFB291435}?\Device\TCPIP6TUNNEL_{A9B32DEF-8AE5-444E-9DE5-9EEB76389229}?\Device\TCPIP6TUNNEL_{2F742435-FB49-4C52-8A89-B6613BB1D178}?\Device\TCPIP6TUNNEL_{BD55D8D7-93C8-4BF6-B3D6-77EF466E9336}?\Device\TCPIP6TUNNEL_{651CB0A4-4587-4FE7-A08A-FF207EF2D024}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00c2c648fc7d Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4BC9500D-2817-44CE-A22F-596FFB291435}@InterfaceName isatap.{A64EE00B-C0C5-41AF-8963-08C8AFC3EDA9} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4BC9500D-2817-44CE-A22F-596FFB291435}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A9B32DEF-8AE5-444E-9DE5-9EEB76389229}@InterfaceName isatap.{C8FFD2EA-F808-4DCE-AA89-993839A0BF58} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A9B32DEF-8AE5-444E-9DE5-9EEB76389229}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer 192.168.15.2 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{55FE366E-1FEE-4B22-BF31-B60B26406C37}@LeaseObtainedTime 1448794855 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{55FE366E-1FEE-4B22-BF31-B60B26406C37}@T1 1448798455 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{55FE366E-1FEE-4B22-BF31-B60B26406C37}@T2 1448801155 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{55FE366E-1FEE-4B22-BF31-B60B26406C37}@LeaseTerminatesTime 1448802055 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00c2c648fc7d (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{6BB48510-1E91-11E5-BD73-806E6F6E6963} 3789890824 ---- EOF - GMER 2.1 ----