GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-11-03 14:59:43 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD2500JS-00NCB1 rev.10.02E02 232,89GB Running: n289d8wh.exe; Driver: C:\Users\Jakub\AppData\Local\Temp\uwddykod.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x89B18B10] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x89B195EE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x89B255E0] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x89B2562C] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x89B257C6] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x89B2554E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSection [0x89B25670] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x89B25596] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x89B19B24] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x89B19D40] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x89B25780] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x89B1A3DC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x89B18B76] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x89B1DB58] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x89B1875E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x89B18BDC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x89B1DF4E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x89B1AE6C] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x89B2560A] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x89B2564E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x89B257EA] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x89B25574] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x89B1D452] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x89B256FE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x89B255BE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x89B1D83A] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x89B257A4] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8F95B0CC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x89B1AD38] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x89B1AA46] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x89B18C42] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x89B18CA8] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x8F95B316] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x89B187F8] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x89B189CE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x89B1895C] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x89B1A5A6] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x89B1A708] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x89B18A56] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x8F95B194] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x89B1A236] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x89B18D0E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x89B1964A] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 1409 8284F9A5 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8286F512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 1393 82876988 2 Bytes [10, 8B] .text ntoskrnl.exe!KeRemoveQueueEx + 1396 8287698B 1 Byte [89] .text ntoskrnl.exe!KeRemoveQueueEx + 141B 82876A10 4 Bytes [EE, 95, B1, 89] {OUT DX, AL; XCHG EBP, EAX; MOV CL, 0x89} .text ntoskrnl.exe!KeRemoveQueueEx + 146F 82876A64 8 Bytes [E0, 55, B2, 89, 2C, 56, B2, ...] {LOOPNZ 0x57; MOV DL, 0x89; SUB AL, 0x56; MOV DL, 0x89} .text ntoskrnl.exe!KeRemoveQueueEx + 147B 82876A70 4 Bytes [C6, 57, B2, 89] .text ... ---- User code sections - GMER 2.1 ---- .text C:\Windows\RtHDVCpl.exe[112] kernel32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Windows\system32\Dwm.exe[312] kernel32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Windows\system32\csrss.exe[436] kernel32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[448] kernel32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Windows\system32\wininit.exe[500] kernel32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!LdrUnloadDll 76EFC8DE 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!LdrLoadDll 76F022AE 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2364] KERNEL32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtCreateFile + 6 76EE560E 4 Bytes [28, B8, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtCreateFile + B 76EE5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtMapViewOfSection + 6 76EE5C6E 4 Bytes [28, BB, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtMapViewOfSection + B 76EE5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenFile + 6 76EE5D1E 4 Bytes [68, B8, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenFile + B 76EE5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenProcess + 6 76EE5DCE 4 Bytes [A8, B9, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenProcess + B 76EE5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenProcessToken + 6 76EE5DDE 4 Bytes CALL 75EECC9C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenProcessToken + B 76EE5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenProcessTokenEx + 6 76EE5DEE 4 Bytes [A8, BA, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenProcessTokenEx + B 76EE5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenThread + 6 76EE5E4E 4 Bytes [68, B9, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenThread + B 76EE5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenThreadToken + 6 76EE5E5E 4 Bytes [68, BA, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenThreadToken + B 76EE5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenThreadTokenEx + 6 76EE5E6E 4 Bytes CALL 75EECD2D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenThreadTokenEx + B 76EE5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtQueryAttributesFile + 6 76EE5F7E 4 Bytes [A8, B8, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtQueryAttributesFile + B 76EE5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtQueryFullAttributesFile + 6 76EE602E 4 Bytes CALL 75EECEEB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtQueryFullAttributesFile + B 76EE6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtSetInformationFile + 6 76EE667E 4 Bytes [28, B9, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtSetInformationFile + B 76EE6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtSetInformationThread + 6 76EE66DE 4 Bytes [28, BA, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtSetInformationThread + B 76EE66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtUnmapViewOfSection + 6 76EE69FE 4 Bytes [68, BB, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtUnmapViewOfSection + B 76EE6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!LdrUnloadDll 76EFC8DE 5 Bytes JMP 007303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!LdrLoadDll 76F022AE 5 Bytes JMP 007301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] KERNEL32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtCreateFile + 6 76EE560E 4 Bytes [28, 98, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtCreateFile + B 76EE5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtMapViewOfSection + 6 76EE5C6E 4 Bytes [28, 9B, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtMapViewOfSection + B 76EE5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenFile + 6 76EE5D1E 4 Bytes [68, 98, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenFile + B 76EE5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenProcess + 6 76EE5DCE 4 Bytes [A8, 99, 20, 00] {TEST AL, 0x99; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenProcess + B 76EE5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenProcessToken + 6 76EE5DDE 4 Bytes CALL 75EE7E7C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenProcessToken + B 76EE5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenProcessTokenEx + 6 76EE5DEE 4 Bytes [A8, 9A, 20, 00] {TEST AL, 0x9a; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenProcessTokenEx + B 76EE5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenThread + 6 76EE5E4E 4 Bytes [68, 99, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenThread + B 76EE5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenThreadToken + 6 76EE5E5E 4 Bytes [68, 9A, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenThreadToken + B 76EE5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenThreadTokenEx + 6 76EE5E6E 4 Bytes CALL 75EE7F0D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenThreadTokenEx + B 76EE5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtQueryAttributesFile + 6 76EE5F7E 4 Bytes [A8, 98, 20, 00] {TEST AL, 0x98; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtQueryAttributesFile + B 76EE5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtQueryFullAttributesFile + 6 76EE602E 4 Bytes CALL 75EE80CB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtQueryFullAttributesFile + B 76EE6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtSetInformationFile + 6 76EE667E 4 Bytes [28, 99, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtSetInformationFile + B 76EE6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtSetInformationThread + 6 76EE66DE 4 Bytes [28, 9A, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtSetInformationThread + B 76EE66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtUnmapViewOfSection + 6 76EE69FE 4 Bytes [68, 9B, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtUnmapViewOfSection + B 76EE6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!LdrUnloadDll 76EFC8DE 5 Bytes JMP 003D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!LdrLoadDll 76F022AE 5 Bytes JMP 003D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2548] KERNEL32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtCreateFile + 6 76EE560E 4 Bytes [28, 80, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtCreateFile + B 76EE5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtMapViewOfSection + 6 76EE5C6E 4 Bytes [28, 83, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtMapViewOfSection + B 76EE5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenFile + 6 76EE5D1E 4 Bytes [68, 80, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenFile + B 76EE5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcess + 6 76EE5DCE 4 Bytes [A8, 81, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcess + B 76EE5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcessToken + 6 76EE5DDE 4 Bytes CALL 75EEA464 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcessToken + B 76EE5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcessTokenEx + 6 76EE5DEE 4 Bytes [A8, 82, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcessTokenEx + B 76EE5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThread + 6 76EE5E4E 4 Bytes [68, 81, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThread + B 76EE5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThreadToken + 6 76EE5E5E 4 Bytes [68, 82, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThreadToken + B 76EE5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThreadTokenEx + 6 76EE5E6E 4 Bytes CALL 75EEA4F5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThreadTokenEx + B 76EE5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtQueryAttributesFile + 6 76EE5F7E 4 Bytes [A8, 80, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtQueryAttributesFile + B 76EE5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtQueryFullAttributesFile + 6 76EE602E 4 Bytes CALL 75EEA6B3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtQueryFullAttributesFile + B 76EE6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtSetInformationFile + 6 76EE667E 4 Bytes [28, 81, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtSetInformationFile + B 76EE6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtSetInformationThread + 6 76EE66DE 4 Bytes [28, 82, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtSetInformationThread + B 76EE66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtUnmapViewOfSection + 6 76EE69FE 4 Bytes [68, 83, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtUnmapViewOfSection + B 76EE6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!LdrUnloadDll 76EFC8DE 5 Bytes JMP 005703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!LdrLoadDll 76F022AE 5 Bytes JMP 005701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] KERNEL32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtCreateFile + 6 76EE560E 4 Bytes [28, 54, 76, 00] {SUB [ESI+ESI*2+0x0], DL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtCreateFile + B 76EE5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtMapViewOfSection + 6 76EE5C6E 4 Bytes [28, 57, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtMapViewOfSection + B 76EE5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenFile + 6 76EE5D1E 4 Bytes [68, 54, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenFile + B 76EE5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenProcess + 6 76EE5DCE 4 Bytes [A8, 55, 76, 00] {TEST AL, 0x55; JBE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenProcess + B 76EE5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenProcessToken + 6 76EE5DDE 4 Bytes CALL 75EED438 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenProcessToken + B 76EE5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenProcessTokenEx + 6 76EE5DEE 4 Bytes [A8, 56, 76, 00] {TEST AL, 0x56; JBE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenProcessTokenEx + B 76EE5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenThread + 6 76EE5E4E 4 Bytes [68, 55, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenThread + B 76EE5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenThreadToken + 6 76EE5E5E 4 Bytes [68, 56, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenThreadToken + B 76EE5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenThreadTokenEx + 6 76EE5E6E 4 Bytes CALL 75EED4C9 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtOpenThreadTokenEx + B 76EE5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtQueryAttributesFile + 6 76EE5F7E 4 Bytes [A8, 54, 76, 00] {TEST AL, 0x54; JBE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtQueryAttributesFile + B 76EE5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtQueryFullAttributesFile + 6 76EE602E 4 Bytes CALL 75EED687 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtQueryFullAttributesFile + B 76EE6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtSetInformationFile + 6 76EE667E 4 Bytes [28, 55, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtSetInformationFile + B 76EE6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtSetInformationThread + 6 76EE66DE 4 Bytes [28, 56, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtSetInformationThread + B 76EE66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtUnmapViewOfSection + 6 76EE69FE 4 Bytes [68, 57, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!NtUnmapViewOfSection + B 76EE6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!LdrUnloadDll 76EFC8DE 5 Bytes JMP 008303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] ntdll.dll!LdrLoadDll 76F022AE 5 Bytes JMP 008301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2636] KERNEL32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtCreateFile + 6 76EE560E 4 Bytes [28, 40, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtCreateFile + B 76EE5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtMapViewOfSection + 6 76EE5C6E 4 Bytes [28, 43, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtMapViewOfSection + B 76EE5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenFile + 6 76EE5D1E 4 Bytes [68, 40, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenFile + B 76EE5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcess + 6 76EE5DCE 4 Bytes [A8, 41, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcess + B 76EE5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcessToken + 6 76EE5DDE 4 Bytes CALL 75EEF624 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcessToken + B 76EE5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcessTokenEx + 6 76EE5DEE 4 Bytes [A8, 42, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcessTokenEx + B 76EE5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThread + 6 76EE5E4E 4 Bytes [68, 41, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThread + B 76EE5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThreadToken + 6 76EE5E5E 4 Bytes [68, 42, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThreadToken + B 76EE5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThreadTokenEx + 6 76EE5E6E 4 Bytes CALL 75EEF6B5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThreadTokenEx + B 76EE5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtQueryAttributesFile + 6 76EE5F7E 4 Bytes [A8, 40, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtQueryAttributesFile + B 76EE5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtQueryFullAttributesFile + 6 76EE602E 4 Bytes CALL 75EEF873 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtQueryFullAttributesFile + B 76EE6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtSetInformationFile + 6 76EE667E 4 Bytes [28, 41, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtSetInformationFile + B 76EE6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtSetInformationThread + 6 76EE66DE 4 Bytes [28, 42, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtSetInformationThread + B 76EE66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtUnmapViewOfSection + 6 76EE69FE 4 Bytes [68, 43, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtUnmapViewOfSection + B 76EE6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!LdrUnloadDll 76EFC8DE 5 Bytes JMP 00A503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!LdrLoadDll 76F022AE 5 Bytes JMP 00A501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] KERNEL32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtCreateFile + 6 76EE560E 4 Bytes [28, 20, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtCreateFile + B 76EE5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtMapViewOfSection + 6 76EE5C6E 4 Bytes [28, 23, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtMapViewOfSection + B 76EE5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenFile + 6 76EE5D1E 4 Bytes [68, 20, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenFile + B 76EE5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenProcess + 6 76EE5DCE 4 Bytes [A8, 21, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenProcess + B 76EE5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenProcessToken + 6 76EE5DDE 4 Bytes CALL 75EF4B04 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenProcessToken + B 76EE5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenProcessTokenEx + 6 76EE5DEE 4 Bytes [A8, 22, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenProcessTokenEx + B 76EE5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenThread + 6 76EE5E4E 4 Bytes [68, 21, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenThread + B 76EE5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenThreadToken + 6 76EE5E5E 4 Bytes [68, 22, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenThreadToken + B 76EE5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenThreadTokenEx + 6 76EE5E6E 4 Bytes CALL 75EF4B95 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenThreadTokenEx + B 76EE5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtQueryAttributesFile + 6 76EE5F7E 4 Bytes [A8, 20, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtQueryAttributesFile + B 76EE5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtQueryFullAttributesFile + 6 76EE602E 4 Bytes CALL 75EF4D53 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtQueryFullAttributesFile + B 76EE6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtSetInformationFile + 6 76EE667E 4 Bytes [28, 21, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtSetInformationFile + B 76EE6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtSetInformationThread + 6 76EE66DE 4 Bytes [28, 22, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtSetInformationThread + B 76EE66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtUnmapViewOfSection + 6 76EE69FE 4 Bytes [68, 23, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtUnmapViewOfSection + B 76EE6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!LdrUnloadDll 76EFC8DE 5 Bytes JMP 00FA03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!LdrLoadDll 76F022AE 5 Bytes JMP 00FA01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] KERNEL32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtCreateFile + 6 76EE560E 4 Bytes [28, 60, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtCreateFile + B 76EE5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtMapViewOfSection + 6 76EE5C6E 4 Bytes [28, 63, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtMapViewOfSection + B 76EE5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenFile + 6 76EE5D1E 4 Bytes [68, 60, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenFile + B 76EE5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcess + 6 76EE5DCE 4 Bytes [A8, 61, 3C, 00] {TEST AL, 0x61; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcess + B 76EE5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessToken + 6 76EE5DDE 4 Bytes CALL 75EE9A44 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessToken + B 76EE5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessTokenEx + 6 76EE5DEE 4 Bytes [A8, 62, 3C, 00] {TEST AL, 0x62; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessTokenEx + B 76EE5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThread + 6 76EE5E4E 4 Bytes [68, 61, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThread + B 76EE5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadToken + 6 76EE5E5E 4 Bytes [68, 62, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadToken + B 76EE5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadTokenEx + 6 76EE5E6E 4 Bytes CALL 75EE9AD5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadTokenEx + B 76EE5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryAttributesFile + 6 76EE5F7E 4 Bytes [A8, 60, 3C, 00] {TEST AL, 0x60; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryAttributesFile + B 76EE5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryFullAttributesFile + 6 76EE602E 4 Bytes CALL 75EE9C93 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryFullAttributesFile + B 76EE6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationFile + 6 76EE667E 4 Bytes [28, 61, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationFile + B 76EE6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationThread + 6 76EE66DE 4 Bytes [28, 62, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationThread + B 76EE66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtUnmapViewOfSection + 6 76EE69FE 4 Bytes [68, 63, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtUnmapViewOfSection + B 76EE6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!LdrUnloadDll 76EFC8DE 5 Bytes JMP 004203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!LdrLoadDll 76F022AE 5 Bytes JMP 004201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] KERNEL32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[3160] kernel32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[3180] kernel32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Windows\system32\svchost.exe[3204] kernel32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text C:\Windows\System32\svchost.exe[3364] kernel32.dll!GetBinaryTypeW + 70 752A69E4 1 Byte [62] .text ... ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys ---- EOF - GMER 2.1 ----