GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-07-26 09:50:54 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725032A9A364 rev.PC3OC72E 298,09GB Running: m8on87tl.exe; Driver: C:\Users\HP\AppData\Local\Temp\uwrdqpow.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[2004] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073391a22 2 bytes [39, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2004] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073391ad0 2 bytes [39, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2004] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073391b08 2 bytes [39, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2004] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073391bba 2 bytes [39, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2004] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073391bda 2 bytes [39, 73] .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2252] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 0000000076091ec4 4 bytes {CALL 0xffffffff8b21ac31} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764c1465 2 bytes [4C, 76] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764c14bb 2 bytes [4C, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772bf930 14 bytes {MOV RAX, 0x7fef9c230f0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772bf780 7 bytes [48, B8, F0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772bf788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000772bf8f0 7 bytes [48, B8, 48, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772bf8f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772bf910 7 bytes [48, B8, C4, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772bf918 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772bf920 7 bytes [48, B8, C4, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772bf928 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772bf930 7 bytes [48, B8, D0, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000772bf938 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772bf950 7 bytes [48, B8, 14, C0, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772bf958 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000772bf9a0 7 bytes [48, B8, 6C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772bf9a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000772bf9b0 7 bytes [48, B8, 00, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772bf9b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772bf9e0 7 bytes [48, B8, 54, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772bf9e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772bfa80 7 bytes [48, B8, 9C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772bfa88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772bfc00 7 bytes [48, B8, 18, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772bfc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772c0670 7 bytes {ADD [RAX-0x48], CL; CALL 0x14003c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772c0678 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772c06c0 7 bytes [48, B8, 24, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772c06c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000772c0810 7 bytes [48, B8, B0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772c0818 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772bf780 7 bytes [48, B8, F0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772bf788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000772bf8f0 7 bytes [48, B8, 48, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772bf8f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772bf910 7 bytes [48, B8, C4, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772bf918 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772bf920 7 bytes [48, B8, C4, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772bf928 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772bf930 7 bytes [48, B8, D0, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000772bf938 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772bf950 7 bytes [48, B8, 14, C0, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772bf958 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000772bf9a0 7 bytes [48, B8, 6C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772bf9a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000772bf9b0 7 bytes [48, B8, 00, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772bf9b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772bf9e0 7 bytes [48, B8, 54, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772bf9e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772bfa80 7 bytes [48, B8, 9C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772bfa88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772bfc00 7 bytes [48, B8, 18, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772bfc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772c0670 7 bytes {ADD [RAX-0x48], CL; CALL 0x14003c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772c0678 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772c06c0 7 bytes [48, B8, 24, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772c06c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000772c0810 7 bytes [48, B8, B0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772c0818 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772bf780 7 bytes [48, B8, F0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772bf788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000772bf8f0 7 bytes [48, B8, 48, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772bf8f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772bf910 7 bytes [48, B8, C4, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772bf918 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772bf920 7 bytes [48, B8, C4, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772bf928 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772bf930 7 bytes [48, B8, D0, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000772bf938 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772bf950 7 bytes [48, B8, 14, C0, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772bf958 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000772bf9a0 7 bytes [48, B8, 6C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772bf9a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000772bf9b0 7 bytes [48, B8, 00, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772bf9b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772bf9e0 7 bytes [48, B8, 54, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772bf9e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772bfa80 7 bytes [48, B8, 9C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772bfa88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772bfc00 7 bytes [48, B8, 18, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772bfc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772c0670 7 bytes {ADD [RAX-0x48], CL; CALL 0x14003c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772c0678 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772c06c0 7 bytes [48, B8, 24, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772c06c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000772c0810 7 bytes [48, B8, B0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772c0818 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772bf780 7 bytes [48, B8, F0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772bf788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000772bf8f0 7 bytes [48, B8, 48, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772bf8f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772bf910 7 bytes [48, B8, C4, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772bf918 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772bf920 7 bytes [48, B8, C4, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772bf928 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772bf930 7 bytes [48, B8, D0, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000772bf938 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772bf950 7 bytes [48, B8, 14, C0, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772bf958 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000772bf9a0 7 bytes [48, B8, 6C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772bf9a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000772bf9b0 7 bytes [48, B8, 00, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772bf9b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772bf9e0 7 bytes [48, B8, 54, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772bf9e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772bfa80 7 bytes [48, B8, 9C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772bfa88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772bfc00 7 bytes [48, B8, 18, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772bfc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772c0670 7 bytes {ADD [RAX-0x48], CL; CALL 0x14003c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772c0678 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772c06c0 7 bytes [48, B8, 24, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772c06c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000772c0810 7 bytes [48, B8, B0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772c0818 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772bf780 7 bytes [48, B8, F0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772bf788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000772bf8f0 7 bytes [48, B8, 48, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772bf8f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772bf910 7 bytes [48, B8, C4, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772bf918 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772bf920 7 bytes [48, B8, C4, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772bf928 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772bf930 7 bytes [48, B8, D0, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000772bf938 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772bf950 7 bytes [48, B8, 14, C0, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772bf958 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000772bf9a0 7 bytes [48, B8, 6C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772bf9a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000772bf9b0 7 bytes [48, B8, 00, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772bf9b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772bf9e0 7 bytes [48, B8, 54, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772bf9e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772bfa80 7 bytes [48, B8, 9C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772bfa88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772bfc00 7 bytes [48, B8, 18, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772bfc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772c0670 7 bytes {ADD [RAX-0x48], CL; CALL 0x14003c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772c0678 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772c06c0 7 bytes [48, B8, 24, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772c06c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000772c0810 7 bytes [48, B8, B0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772c0818 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772bf780 7 bytes [48, B8, F0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772bf788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000772bf8f0 7 bytes [48, B8, 48, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772bf8f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772bf910 7 bytes [48, B8, C4, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772bf918 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772bf920 7 bytes [48, B8, C4, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772bf928 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772bf930 7 bytes [48, B8, D0, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000772bf938 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772bf950 7 bytes [48, B8, 14, C0, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772bf958 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000772bf9a0 7 bytes [48, B8, 6C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772bf9a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000772bf9b0 7 bytes [48, B8, 00, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772bf9b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772bf9e0 7 bytes [48, B8, 54, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772bf9e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772bfa80 7 bytes [48, B8, 9C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772bfa88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772bfc00 7 bytes [48, B8, 18, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772bfc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772c0670 7 bytes {ADD [RAX-0x48], CL; CALL 0x14003c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772c0678 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772c06c0 7 bytes [48, B8, 24, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772c06c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000772c0810 7 bytes [48, B8, B0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772c0818 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772bf780 7 bytes [48, B8, F0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772bf788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000772bf8f0 7 bytes [48, B8, 48, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772bf8f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772bf910 7 bytes [48, B8, C4, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772bf918 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772bf920 7 bytes [48, B8, C4, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772bf928 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772bf930 7 bytes [48, B8, D0, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000772bf938 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772bf950 7 bytes [48, B8, 14, C0, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772bf958 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000772bf9a0 7 bytes [48, B8, 6C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772bf9a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000772bf9b0 7 bytes [48, B8, 00, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772bf9b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772bf9e0 7 bytes [48, B8, 54, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772bf9e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772bfa80 7 bytes [48, B8, 9C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772bfa88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772bfc00 7 bytes [48, B8, 18, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772bfc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772c0670 7 bytes {ADD [RAX-0x48], CL; CALL 0x14003c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772c0678 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772c06c0 7 bytes [48, B8, 24, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772c06c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000772c0810 7 bytes [48, B8, B0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772c0818 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772bf780 7 bytes [48, B8, F0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772bf788 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000772bf8f0 7 bytes [48, B8, 48, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000772bf8f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772bf910 7 bytes [48, B8, C4, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000772bf918 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772bf920 7 bytes [48, B8, C4, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000772bf928 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772bf930 7 bytes [48, B8, D0, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000772bf938 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772bf950 7 bytes [48, B8, 14, C0, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772bf958 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000772bf9a0 7 bytes [48, B8, 6C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000772bf9a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000772bf9b0 7 bytes [48, B8, 00, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000772bf9b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772bf9e0 7 bytes [48, B8, 54, BE, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000772bf9e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772bfa80 7 bytes [48, B8, 9C, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772bfa88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772bfc00 7 bytes [48, B8, 18, BD, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000772bfc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772c0670 7 bytes {ADD [RAX-0x48], CL; CALL 0x14003c6} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772c0678 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772c06c0 7 bytes [48, B8, 24, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000772c06c8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000772c0810 7 bytes [48, B8, B0, BF, 03, 40, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000772c0818 6 bytes {ADD [RAX], AL; JMP RAX} ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800106be94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800106bc38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800106c614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800106ca10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800106c86c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8c1a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8c1aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8c1b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8c1aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2344] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8c1aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8c1a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8c1aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8c1b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8c1aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3044] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8c1aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8c1a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8c1aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8c1b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8c1aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8c1aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8c1a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8c1aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8c1b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8c1aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4632] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8c1aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8c1a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8c1aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8c1b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8c1aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4376] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8c1aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8c1a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8c1aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8c1b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8c1aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8c1aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee8c1a630] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee8c1aee0] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee8c1b31c] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee8c1aef8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1700] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8c1aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll ---- Devices - GMER 2.2 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80024972c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80024972c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80024972c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80024972c0 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80024972c0 Device \FileSystem\Ntfs \Ntfs fffffa8002e162c0 Device \FileSystem\fastfat \Fat fffffa8003bcd2c0 Device \Driver\usbehci \Device\USBPDO-5 fffffa8003b1c2c0 Device \Driver\usbohci \Device\USBFDO-3 fffffa8003b192c0 Device \Driver\usbohci \Device\USBPDO-1 fffffa8003b192c0 Device \Driver\cdrom \Device\CdRom0 fffffa80037de2c0 Device \Driver\cdrom \Device\CdRom1 fffffa80037de2c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa8003b192c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa8003b192c0 Device \Driver\usbehci \Device\USBPDO-2 fffffa8003b1c2c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa80037fe2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{316E7B86-D6CA-4CA2-A0D8-785B753B848E} fffffa80039312c0 Device \Driver\dtsoftbus01 \Device\00000095 fffffa80037fe2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{8732D14C-78C7-4559-ABA1-6E838480810F} fffffa80039312c0 Device \Driver\usbehci \Device\USBFDO-5 fffffa8003b1c2c0 Device \Driver\usbohci \Device\USBPDO-3 fffffa8003b192c0 Device \Driver\usbohci \Device\USBFDO-1 fffffa8003b192c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80039312c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa8003b192c0 Device \Driver\usbehci \Device\USBFDO-2 fffffa8003b1c2c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80024972c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa8003b192c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80024972c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80024972c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{FE7EA34F-25CD-458B-BD56-79FA387D9A5D} fffffa80039312c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa80024972c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa80024972c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80034ab060] fffffa80034ab060 Trace 3 CLASSPNP.SYS[fffff88000dbf43f] -> nt!IofCallDriver -> [0xfffffa80034aa040] fffffa80034aa040 Trace 5 hpdskflt.sys[fffff88001fdc289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800343f620] fffffa800343f620 Trace \Driver\atapi[0xfffffa8002eb7480] -> IRP_MJ_CREATE -> 0xfffffa80024972c0 fffffa80024972c0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application@Sources MSDMine?STacSV?DfSdk Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x42 0x70 0x95 0x9D ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FE7EA34F-25CD-458B-BD56-79FA387D9A5D}@LeaseObtainedTime 1469518287 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FE7EA34F-25CD-458B-BD56-79FA387D9A5D}@T1 1469518564 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FE7EA34F-25CD-458B-BD56-79FA387D9A5D}@T2 1469518789 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FE7EA34F-25CD-458B-BD56-79FA387D9A5D}@LeaseTerminatesTime 1469518887 Reg HKLM\SYSTEM\ControlSet002\services\eventlog\Application@Sources MSDMine?STacSV?DfSdk Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x42 0x70 0x95 0x9D ... ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----