GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-04-05 18:50:07 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320325AS rev.0003SDM1 298,09GB Running: ycfyzszk.exe; Driver: C:\Users\asus\AppData\Local\Temp\aftcqaoc.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x92C9A48C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x92C2A97C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x92C9AF6A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x92CA7568] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x92CA75B4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x92CA774E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x92CA74D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0x92CA75F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x92CA751E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0x92C9B4A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x92C9B6BC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x92CA7708] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x92C9BD58] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x92C9A4F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x92C9EEF4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x92C2AA54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x92C9A0DE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x92C2AE36] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x92C9A558] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x92C9F2EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x92C9C8C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x92CA7592] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x92CA75D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x92CA7772] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x92CA74FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x92C9E7CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x92CA7686] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x92CA7546] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x92C9EBC2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x92CA772C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x92C2ABD4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x92C9C6DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x92C9C3C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x92C9A5BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x92C9A624] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0x92C9BBD2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x92C9A178] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x92C9A34A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x92C9A2D8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x92C9BF22] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x92C9C084] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x92C9A3D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0x92C9BA10] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x92C9BBB2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x92C27C14] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x92C9A68A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x92C9AFC6] ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwReplaceKey + 151D 8308CB65 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C6C12 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 830CDFF8 4 Bytes [8C, A4, C9, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 830CE020 4 Bytes [7C, A9, C2, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 830CE080 4 Bytes [6A, AF, C9, 92] {PUSH -0x51; LEAVE ; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 830CE0D4 8 Bytes [68, 75, CA, 92, B4, 75, CA, ...] {PUSH DWORD 0xb492ca75; JNZ 0xffffffd1; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 830CE0E0 4 Bytes [4E, 77, CA, 92] {DEC ESI; JA 0xffffffcd; XCHG EDX, EAX} .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 114 8328BF21 4 Bytes CALL 92C9CF31 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 132 832A5E01 4 Bytes CALL 92C9CF47 \SystemRoot\system32\drivers\aswSnx.sys .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8C8BD774] ? C:\Windows\System32\Drivers\aquukn11.SYS suspicious PE modification .text C:\Program Files\Alcohol Soft\Alcohol 120\Alcoholx.dll section is writeable [0x77D41000, 0x152A2, 0xE0000020] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtCreateFile + 6 77C055F2 4 Bytes [28, 40, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtCreateFile + B 77C055F7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtMapViewOfSection + 6 77C05C52 4 Bytes [28, 43, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtMapViewOfSection + B 77C05C57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtOpenFile + 6 77C05D02 4 Bytes [68, 40, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtOpenFile + B 77C05D07 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtOpenProcess + 6 77C05DB2 4 Bytes [A8, 41, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtOpenProcess + B 77C05DB7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtOpenProcessToken + 6 77C05DC2 4 Bytes CALL 76C09D08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtOpenProcessToken + B 77C05DC7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtOpenProcessTokenEx + 6 77C05DD2 4 Bytes [A8, 42, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtOpenProcessTokenEx + B 77C05DD7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtOpenThread + 6 77C05E32 4 Bytes [68, 41, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtOpenThread + B 77C05E37 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtOpenThreadToken + 6 77C05E42 4 Bytes [68, 42, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtOpenThreadToken + B 77C05E47 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtOpenThreadTokenEx + 6 77C05E52 4 Bytes CALL 76C09D99 .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtOpenThreadTokenEx + B 77C05E57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtQueryAttributesFile + 6 77C05F62 4 Bytes [A8, 40, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtQueryAttributesFile + B 77C05F67 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtQueryFullAttributesFile + 6 77C06012 4 Bytes CALL 76C09F57 .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtQueryFullAttributesFile + B 77C06017 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtSetInformationFile + 6 77C06662 4 Bytes [28, 41, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtSetInformationFile + B 77C06667 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtSetInformationThread + 6 77C066C2 4 Bytes [28, 42, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtSetInformationThread + B 77C066C7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtUnmapViewOfSection + 6 77C069E2 4 Bytes [68, 43, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!NtUnmapViewOfSection + B 77C069E7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!LdrUnloadDll 77C1CC26 5 Bytes JMP 004303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[752] ntdll.dll!LdrLoadDll 77C22611 5 Bytes JMP 004301F8 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1728] kernel32.dll!SetUnhandledExceptionFilter 7720F6AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtCreateFile + 6 77C055F2 4 Bytes [28, 78, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtCreateFile + B 77C055F7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtMapViewOfSection + 6 77C05C52 4 Bytes [28, 7B, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtMapViewOfSection + B 77C05C57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtOpenFile + 6 77C05D02 4 Bytes [68, 78, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtOpenFile + B 77C05D07 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtOpenProcess + 6 77C05DB2 4 Bytes [A8, 79, D1, 00] {TEST AL, 0x79; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtOpenProcess + B 77C05DB7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtOpenProcessToken + 6 77C05DC2 4 Bytes CALL 76C12F40 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtOpenProcessToken + B 77C05DC7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtOpenProcessTokenEx + 6 77C05DD2 4 Bytes [A8, 7A, D1, 00] {TEST AL, 0x7a; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtOpenProcessTokenEx + B 77C05DD7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtOpenThread + 6 77C05E32 4 Bytes [68, 79, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtOpenThread + B 77C05E37 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtOpenThreadToken + 6 77C05E42 4 Bytes [68, 7A, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtOpenThreadToken + B 77C05E47 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtOpenThreadTokenEx + 6 77C05E52 4 Bytes CALL 76C12FD1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtOpenThreadTokenEx + B 77C05E57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtQueryAttributesFile + 6 77C05F62 4 Bytes [A8, 78, D1, 00] {TEST AL, 0x78; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtQueryAttributesFile + B 77C05F67 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtQueryFullAttributesFile + 6 77C06012 4 Bytes CALL 76C1318F .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtQueryFullAttributesFile + B 77C06017 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtSetInformationFile + 6 77C06662 4 Bytes [28, 79, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtSetInformationFile + B 77C06667 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtSetInformationThread + 6 77C066C2 4 Bytes [28, 7A, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtSetInformationThread + B 77C066C7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtUnmapViewOfSection + 6 77C069E2 4 Bytes [68, 7B, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!NtUnmapViewOfSection + B 77C069E7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!LdrUnloadDll 77C1CC26 5 Bytes JMP 00DD03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1896] ntdll.dll!LdrLoadDll 77C22611 5 Bytes JMP 00DD01F8 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2940] kernel32.dll!SetUnhandledExceptionFilter 7720F6AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\CCleaner\CCleaner.exe[3228] USER32.dll!SetScrollRange 77548ECD 5 Bytes JMP 00E27D76 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3228] USER32.dll!GetScrollInfo 77552DAB 5 Bytes JMP 00E27CFD C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3228] USER32.dll!SetScrollInfo 775548E2 5 Bytes JMP 00E27DB3 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3228] USER32.dll!GetScrollRange 77570472 3 Bytes JMP 00E27C94 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3228] USER32.dll!GetScrollRange + 4 77570476 1 Byte [89] .text C:\Program Files\CCleaner\CCleaner.exe[3228] USER32.dll!SetScrollPos 775704D6 3 Bytes JMP 00E27C69 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3228] USER32.dll!SetScrollPos + 4 775704DA 1 Byte [89] .text C:\Program Files\CCleaner\CCleaner.exe[3228] USER32.dll!GetScrollPos 77570E5B 3 Bytes JMP 00E27CD2 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3228] USER32.dll!GetScrollPos + 4 77570E5F 1 Byte [89] .text C:\Program Files\CCleaner\CCleaner.exe[3228] USER32.dll!EnableScrollBar 775719E6 5 Bytes JMP 00E27DED C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3228] USER32.dll!ShowScrollBar 77573CA1 5 Bytes JMP 00E27D36 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!LdrUnloadDll 77C1CC26 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!LdrLoadDll 77C22611 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtCreateFile + 6 77C055F2 4 Bytes [28, 7C, AD, 00] {SUB [EBP+EBP*4+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtCreateFile + B 77C055F7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtMapViewOfSection + 6 77C05C52 4 Bytes [28, 7F, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtMapViewOfSection + B 77C05C57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtOpenFile + 6 77C05D02 4 Bytes [68, 7C, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtOpenFile + B 77C05D07 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtOpenProcess + 6 77C05DB2 4 Bytes [A8, 7D, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtOpenProcess + B 77C05DB7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtOpenProcessToken + 6 77C05DC2 4 Bytes CALL 76C10B44 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtOpenProcessToken + B 77C05DC7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtOpenProcessTokenEx + 6 77C05DD2 4 Bytes [A8, 7E, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtOpenProcessTokenEx + B 77C05DD7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtOpenThread + 6 77C05E32 4 Bytes [68, 7D, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtOpenThread + B 77C05E37 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtOpenThreadToken + 6 77C05E42 4 Bytes [68, 7E, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtOpenThreadToken + B 77C05E47 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtOpenThreadTokenEx + 6 77C05E52 4 Bytes CALL 76C10BD5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtOpenThreadTokenEx + B 77C05E57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtQueryAttributesFile + 6 77C05F62 4 Bytes [A8, 7C, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtQueryAttributesFile + B 77C05F67 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtQueryFullAttributesFile + 6 77C06012 4 Bytes CALL 76C10D93 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtQueryFullAttributesFile + B 77C06017 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtSetInformationFile + 6 77C06662 4 Bytes [28, 7D, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtSetInformationFile + B 77C06667 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtSetInformationThread + 6 77C066C2 4 Bytes [28, 7E, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtSetInformationThread + B 77C066C7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtUnmapViewOfSection + 6 77C069E2 4 Bytes [68, 7F, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtUnmapViewOfSection + B 77C069E7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!LdrUnloadDll 77C1CC26 5 Bytes JMP 00BD03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!LdrLoadDll 77C22611 5 Bytes JMP 00BD01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtCreateFile + 6 77C055F2 4 Bytes [28, 10, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtCreateFile + B 77C055F7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtMapViewOfSection + 6 77C05C52 4 Bytes [28, 13, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtMapViewOfSection + B 77C05C57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtOpenFile + 6 77C05D02 4 Bytes [68, 10, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtOpenFile + B 77C05D07 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtOpenProcess + 6 77C05DB2 4 Bytes [A8, 11, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtOpenProcess + B 77C05DB7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtOpenProcessToken + 6 77C05DC2 4 Bytes CALL 76C09DD8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtOpenProcessToken + B 77C05DC7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtOpenProcessTokenEx + 6 77C05DD2 4 Bytes [A8, 12, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtOpenProcessTokenEx + B 77C05DD7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtOpenThread + 6 77C05E32 4 Bytes [68, 11, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtOpenThread + B 77C05E37 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtOpenThreadToken + 6 77C05E42 4 Bytes [68, 12, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtOpenThreadToken + B 77C05E47 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtOpenThreadTokenEx + 6 77C05E52 4 Bytes CALL 76C09E69 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtOpenThreadTokenEx + B 77C05E57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtQueryAttributesFile + 6 77C05F62 4 Bytes [A8, 10, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtQueryAttributesFile + B 77C05F67 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtQueryFullAttributesFile + 6 77C06012 4 Bytes CALL 76C0A027 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtQueryFullAttributesFile + B 77C06017 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtSetInformationFile + 6 77C06662 4 Bytes [28, 11, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtSetInformationFile + B 77C06667 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtSetInformationThread + 6 77C066C2 4 Bytes [28, 12, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtSetInformationThread + B 77C066C7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtUnmapViewOfSection + 6 77C069E2 4 Bytes [68, 13, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!NtUnmapViewOfSection + B 77C069E7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!LdrUnloadDll 77C1CC26 5 Bytes JMP 005C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4464] ntdll.dll!LdrLoadDll 77C22611 5 Bytes JMP 005C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtCreateFile + 6 77C055F2 4 Bytes [28, 1C, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtCreateFile + B 77C055F7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtMapViewOfSection + 6 77C05C52 4 Bytes [28, 1F, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtMapViewOfSection + B 77C05C57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenFile + 6 77C05D02 4 Bytes [68, 1C, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenFile + B 77C05D07 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenProcess + 6 77C05DB2 4 Bytes [A8, 1D, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenProcess + B 77C05DB7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenProcessToken + 6 77C05DC2 4 Bytes CALL 76C11EE4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenProcessToken + B 77C05DC7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenProcessTokenEx + 6 77C05DD2 4 Bytes [A8, 1E, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenProcessTokenEx + B 77C05DD7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenThread + 6 77C05E32 4 Bytes [68, 1D, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenThread + B 77C05E37 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenThreadToken + 6 77C05E42 4 Bytes [68, 1E, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenThreadToken + B 77C05E47 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenThreadTokenEx + 6 77C05E52 4 Bytes CALL 76C11F75 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenThreadTokenEx + B 77C05E57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtQueryAttributesFile + 6 77C05F62 4 Bytes [A8, 1C, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtQueryAttributesFile + B 77C05F67 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtQueryFullAttributesFile + 6 77C06012 4 Bytes CALL 76C12133 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtQueryFullAttributesFile + B 77C06017 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtSetInformationFile + 6 77C06662 4 Bytes [28, 1D, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtSetInformationFile + B 77C06667 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtSetInformationThread + 6 77C066C2 4 Bytes [28, 1E, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtSetInformationThread + B 77C066C7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtUnmapViewOfSection + 6 77C069E2 4 Bytes [68, 1F, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtUnmapViewOfSection + B 77C069E7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!LdrUnloadDll 77C1CC26 5 Bytes JMP 00DB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!LdrLoadDll 77C22611 5 Bytes JMP 00DB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!LdrUnloadDll 77C1CC26 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!LdrLoadDll 77C22611 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtCreateFile + 6 77C055F2 4 Bytes [28, 7C, 30, 00] {SUB [EAX+ESI+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtCreateFile + B 77C055F7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtMapViewOfSection + 6 77C05C52 4 Bytes [28, 7F, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtMapViewOfSection + B 77C05C57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenFile + 6 77C05D02 4 Bytes [68, 7C, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenFile + B 77C05D07 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenProcess + 6 77C05DB2 4 Bytes [A8, 7D, 30, 00] {TEST AL, 0x7d; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenProcess + B 77C05DB7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenProcessToken + 6 77C05DC2 4 Bytes CALL 76C08E44 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenProcessToken + B 77C05DC7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenProcessTokenEx + 6 77C05DD2 4 Bytes [A8, 7E, 30, 00] {TEST AL, 0x7e; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenProcessTokenEx + B 77C05DD7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenThread + 6 77C05E32 4 Bytes [68, 7D, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenThread + B 77C05E37 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenThreadToken + 6 77C05E42 4 Bytes [68, 7E, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenThreadToken + B 77C05E47 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenThreadTokenEx + 6 77C05E52 4 Bytes CALL 76C08ED5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenThreadTokenEx + B 77C05E57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtQueryAttributesFile + 6 77C05F62 4 Bytes [A8, 7C, 30, 00] {TEST AL, 0x7c; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtQueryAttributesFile + B 77C05F67 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtQueryFullAttributesFile + 6 77C06012 4 Bytes CALL 76C09093 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtQueryFullAttributesFile + B 77C06017 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtSetInformationFile + 6 77C06662 4 Bytes [28, 7D, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtSetInformationFile + B 77C06667 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtSetInformationThread + 6 77C066C2 4 Bytes [28, 7E, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtSetInformationThread + B 77C066C7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtUnmapViewOfSection + 6 77C069E2 4 Bytes [68, 7F, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtUnmapViewOfSection + B 77C069E7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!LdrUnloadDll 77C1CC26 5 Bytes JMP 003C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!LdrLoadDll 77C22611 5 Bytes JMP 003C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtCreateFile + 6 77C055F2 4 Bytes [28, 10, E7, 00] {SUB [EAX], DL; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtCreateFile + B 77C055F7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtMapViewOfSection + 6 77C05C52 4 Bytes [28, 13, E7, 00] {SUB [EBX], DL; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtMapViewOfSection + B 77C05C57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenFile + 6 77C05D02 4 Bytes [68, 10, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenFile + B 77C05D07 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenProcess + 6 77C05DB2 4 Bytes [A8, 11, E7, 00] {TEST AL, 0x11; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenProcess + B 77C05DB7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenProcessToken + 6 77C05DC2 4 Bytes CALL 76C144D8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenProcessToken + B 77C05DC7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenProcessTokenEx + 6 77C05DD2 4 Bytes [A8, 12, E7, 00] {TEST AL, 0x12; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenProcessTokenEx + B 77C05DD7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenThread + 6 77C05E32 4 Bytes [68, 11, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenThread + B 77C05E37 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenThreadToken + 6 77C05E42 4 Bytes [68, 12, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenThreadToken + B 77C05E47 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenThreadTokenEx + 6 77C05E52 4 Bytes CALL 76C14569 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtOpenThreadTokenEx + B 77C05E57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtQueryAttributesFile + 6 77C05F62 4 Bytes [A8, 10, E7, 00] {TEST AL, 0x10; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtQueryAttributesFile + B 77C05F67 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtQueryFullAttributesFile + 6 77C06012 4 Bytes CALL 76C14727 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtQueryFullAttributesFile + B 77C06017 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtSetInformationFile + 6 77C06662 4 Bytes [28, 11, E7, 00] {SUB [ECX], DL; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtSetInformationFile + B 77C06667 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtSetInformationThread + 6 77C066C2 4 Bytes [28, 12, E7, 00] {SUB [EDX], DL; OUT 0x0, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtSetInformationThread + B 77C066C7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtUnmapViewOfSection + 6 77C069E2 4 Bytes [68, 13, E7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!NtUnmapViewOfSection + B 77C069E7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!LdrUnloadDll 77C1CC26 5 Bytes JMP 00EB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5584] ntdll.dll!LdrLoadDll 77C22611 5 Bytes JMP 00EB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtCreateFile + 6 77C055F2 4 Bytes [28, E0, DE, 00] {SUB AL, AH; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtCreateFile + B 77C055F7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtMapViewOfSection + 6 77C05C52 4 Bytes [28, E3, DE, 00] {SUB BL, AH; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtMapViewOfSection + B 77C05C57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtOpenFile + 6 77C05D02 4 Bytes [68, E0, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtOpenFile + B 77C05D07 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtOpenProcess + 6 77C05DB2 4 Bytes [A8, E1, DE, 00] {TEST AL, 0xe1; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtOpenProcess + B 77C05DB7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtOpenProcessToken + 6 77C05DC2 4 Bytes CALL 76C13CA8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtOpenProcessToken + B 77C05DC7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtOpenProcessTokenEx + 6 77C05DD2 4 Bytes [A8, E2, DE, 00] {TEST AL, 0xe2; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtOpenProcessTokenEx + B 77C05DD7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtOpenThread + 6 77C05E32 4 Bytes [68, E1, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtOpenThread + B 77C05E37 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtOpenThreadToken + 6 77C05E42 4 Bytes [68, E2, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtOpenThreadToken + B 77C05E47 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtOpenThreadTokenEx + 6 77C05E52 4 Bytes CALL 76C13D39 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtOpenThreadTokenEx + B 77C05E57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtQueryAttributesFile + 6 77C05F62 4 Bytes [A8, E0, DE, 00] {TEST AL, 0xe0; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtQueryAttributesFile + B 77C05F67 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtQueryFullAttributesFile + 6 77C06012 4 Bytes CALL 76C13EF7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtQueryFullAttributesFile + B 77C06017 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtSetInformationFile + 6 77C06662 4 Bytes [28, E1, DE, 00] {SUB CL, AH; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtSetInformationFile + B 77C06667 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtSetInformationThread + 6 77C066C2 4 Bytes [28, E2, DE, 00] {SUB DL, AH; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtSetInformationThread + B 77C066C7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtUnmapViewOfSection + 6 77C069E2 4 Bytes [68, E3, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!NtUnmapViewOfSection + B 77C069E7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!LdrUnloadDll 77C1CC26 5 Bytes JMP 00FA03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5612] ntdll.dll!LdrLoadDll 77C22611 5 Bytes JMP 00FA01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtCreateFile + 6 77C055F2 4 Bytes [28, 5C, 90, 00] {SUB [EAX+EDX*4+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtCreateFile + B 77C055F7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtMapViewOfSection + 6 77C05C52 4 Bytes [28, 5F, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtMapViewOfSection + B 77C05C57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenFile + 6 77C05D02 4 Bytes [68, 5C, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenFile + B 77C05D07 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenProcess + 6 77C05DB2 4 Bytes [A8, 5D, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenProcess + B 77C05DB7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenProcessToken + 6 77C05DC2 4 Bytes CALL 76C0EE24 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenProcessToken + B 77C05DC7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenProcessTokenEx + 6 77C05DD2 4 Bytes [A8, 5E, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenProcessTokenEx + B 77C05DD7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenThread + 6 77C05E32 4 Bytes [68, 5D, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenThread + B 77C05E37 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenThreadToken + 6 77C05E42 4 Bytes [68, 5E, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenThreadToken + B 77C05E47 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenThreadTokenEx + 6 77C05E52 4 Bytes CALL 76C0EEB5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtOpenThreadTokenEx + B 77C05E57 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtQueryAttributesFile + 6 77C05F62 4 Bytes [A8, 5C, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtQueryAttributesFile + B 77C05F67 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtQueryFullAttributesFile + 6 77C06012 4 Bytes CALL 76C0F073 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtQueryFullAttributesFile + B 77C06017 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtSetInformationFile + 6 77C06662 4 Bytes [28, 5D, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtSetInformationFile + B 77C06667 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtSetInformationThread + 6 77C066C2 4 Bytes [28, 5E, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtSetInformationThread + B 77C066C7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtUnmapViewOfSection + 6 77C069E2 4 Bytes [68, 5F, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!NtUnmapViewOfSection + B 77C069E7 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!LdrUnloadDll 77C1CC26 5 Bytes JMP 009503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[6056] ntdll.dll!LdrLoadDll 77C22611 5 Bytes JMP 009501F8 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74625635] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\gdiplus.dll IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746256F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\gdiplus.dll IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746424A2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\gdiplus.dll IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7464251D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\gdiplus.dll IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74638581] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\gdiplus.dll IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74634D35] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\gdiplus.dll IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746350DC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\gdiplus.dll IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746351B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\gdiplus.dll IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746366DE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\gdiplus.dll IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746382D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\gdiplus.dll IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74638827] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\gdiplus.dll IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74639088] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\gdiplus.dll IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7463E22B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\gdiplus.dll IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74634C67] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\gdiplus.dll ---- Devices - GMER 2.2 ---- Device \FileSystem\Ntfs \Ntfs 85CF51F8 Device \FileSystem\fastfat \FatCdrom 8B509440 Device \Driver\NetBT \Device\NetBT_Tcpip_{784F966A-0010-44FD-9DCF-45BA60FF7EED} 86EEF1F8 Device \Driver\usbohci \Device\USBPDO-0 870831F8 Device \Driver\usbehci \Device\USBPDO-1 870841F8 Device \Driver\usbohci \Device\USBPDO-2 870831F8 Device \Driver\usbehci \Device\USBPDO-3 870841F8 Device \Driver\PCI_PNP0848 \Device\00000057 sptd.sys Device \Driver\cdrom \Device\CdRom0 86F241F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85CF11F8 Device \Driver\atapi \Device\Ide\IdePort0 85CF11F8 Device \Driver\atapi \Device\Ide\IdePort1 85CF11F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85CF11F8 Device \Driver\msahci \Device\Ide\PciIde0Channel0 85CF21F8 Device \Driver\msahci \Device\Ide\PciIde0Channel1 85CF21F8 Device \Driver\cdrom \Device\CdRom1 86F241F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86EEF1F8 Device \Driver\usbohci \Device\USBFDO-0 870831F8 Device \Driver\usbehci \Device\USBFDO-1 870841F8 Device \Driver\usbohci \Device\USBFDO-2 870831F8 Device \Driver\usbehci \Device\USBFDO-3 870841F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7B82BBB1-8E80-4A46-BB60-DE3DCBDC3E2F} 86EEF1F8 Device \Driver\aquukn11 \Device\Scsi\aquukn111Port2Path0Target0Lun0 871E71F8 Device \Driver\aquukn11 \Device\Scsi\aquukn111 871E71F8 Device \FileSystem\fastfat \Fat 8B509440 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Trace I/O - GMER 2.2 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85cf11f8]<< 85cf11f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ba32e0] 86ba32e0 Trace 3 CLASSPNP.SYS[8d13659e] -> nt!IofCallDriver -> [0x86aba918] 86aba918 Trace 5 ACPI.sys[8c8e23d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86a96030] 86a96030 Trace \Driver\atapi[0x86a73a38] -> IRP_MJ_CREATE -> 0x85cf11f8 85cf11f8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x79 0x2F 0x94 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x89 0xF1 0x33 0x74 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8D 0xCD 0x74 0xBC ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B82BBB1-8E80-4A46-BB60-DE3DCBDC3E2F}@LeaseObtainedTime 1459868729 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B82BBB1-8E80-4A46-BB60-DE3DCBDC3E2F}@T1 1459870529 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B82BBB1-8E80-4A46-BB60-DE3DCBDC3E2F}@T2 1459871879 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B82BBB1-8E80-4A46-BB60-DE3DCBDC3E2F}@LeaseTerminatesTime 1459872329 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x79 0x2F 0x94 0x56 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x89 0xF1 0x33 0x74 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8D 0xCD 0x74 0xBC ... Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.6.7601.19161_186f1b195aade7756c6e665199a8a9f3daec1f2_cab_06b7af8e Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers@AliveServerCount 4 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@UDN uuid:0a8b3c43-c587-40bd-bfa6-ea962b2403f0 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@SerialNumber {416464C1-3C16-4DB5-A77D-AA0A14652010} Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@FriendlyName ALEKSANDRA-VAIO: Aleksandra: Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@ModelName Windows Media Player Sharing Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@ModelNumber 12.0 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@ModelURL http://go.microsoft.com/fwlink/?LinkId=105926 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@ManufacturerURL http://www.microsoft.com/ Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@Manufacturer Microsoft Corporation Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@NetworkInterface {7B82BBB1-8E80-4A46-BB60-DE3DCBDC3E2F} Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@NetworkID {0551B01C-3887-4152-BCB0-C2731AAAD07D} Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@NetworkIPCount 2 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@RemoteURLCount 0 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@IPAddress fe80::95c7:e52e:3937:9a9f Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@Alive 1 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@IconFileName C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files\0a8b3c43-c587-40bd-bfa6-ea962b2403f0.png Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@NetworkIP0 fe80::%11/64 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0A8B3C43-C587-40BD-BFA6-EA962B2403F0@NetworkIP1 192.168.0.0/24 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@UDN uuid:3fff0bf6-d473-415e-b1b9-05fa45cd72b0 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@SerialNumber {C01A31D1-8752-49ED-84CF-D354AA447D49} Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@FriendlyName ALEKSANDRA-VAIO: Olik: Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@ModelName Windows Media Player Sharing Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@ModelNumber 12.0 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@ModelURL http://go.microsoft.com/fwlink/?LinkId=105926 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@ManufacturerURL http://www.microsoft.com/ Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@Manufacturer Microsoft Corporation Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@NetworkInterface {7B82BBB1-8E80-4A46-BB60-DE3DCBDC3E2F} Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@NetworkID {0551B01C-3887-4152-BCB0-C2731AAAD07D} Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@NetworkIPCount 2 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@RemoteURLCount 0 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@IPAddress fe80::95c7:e52e:3937:9a9f Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@Alive 1 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@IconFileName C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files\3fff0bf6-d473-415e-b1b9-05fa45cd72b0.png Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@NetworkIP0 fe80::%11/64 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3FFF0BF6-D473-415E-B1B9-05FA45CD72B0@NetworkIP1 192.168.0.0/24 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@UDN uuid:55c720f3-030d-47b5-8ce0-8d67fb5e18c9 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@SerialNumber {65A0B4AC-A13A-4027-88B9-CD709C9E2E27} Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@FriendlyName ALEKSANDRA-VAIO: Go??: Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@ModelName Windows Media Player Sharing Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@ModelNumber 12.0 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@ModelURL http://go.microsoft.com/fwlink/?LinkId=105926 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@ManufacturerURL http://www.microsoft.com/ Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@Manufacturer Microsoft Corporation Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@NetworkInterface {7B82BBB1-8E80-4A46-BB60-DE3DCBDC3E2F} Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@NetworkID {0551B01C-3887-4152-BCB0-C2731AAAD07D} Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@NetworkIPCount 2 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@RemoteURLCount 0 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@IPAddress fe80::95c7:e52e:3937:9a9f Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@Alive 1 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@IconFileName C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files\55c720f3-030d-47b5-8ce0-8d67fb5e18c9.png Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@NetworkIP0 fe80::%11/64 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\55C720F3-030D-47B5-8CE0-8D67FB5E18C9@NetworkIP1 192.168.0.0/24 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@1F519B4B 183 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1294460222-3170352447-1002595209-1000@RefCount 4 ---- EOF - GMER 2.2 ----