GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-09 13:02:59
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250410AS rev.0006HPM1 232,89GB
Running: ksqrqr2u.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwddakob.sys

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 82C859A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82CA54E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtCreateFile + 6 76FD55CE 4 Bytes [28, F4, 92, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtCreateFile + B 76FD55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtMapViewOfSection + 6 76FD5C2E 4 Bytes [28, F7, 92, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtMapViewOfSection + B 76FD5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtOpenFile + 6 76FD5CDE 4 Bytes [68, F4, 92, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtOpenFile + B 76FD5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtOpenProcess + 6 76FD5D8E 4 Bytes [A8, F5, 92, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtOpenProcess + B 76FD5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtOpenProcessToken + 6 76FD5D9E 4 Bytes CALL 75FDF098 C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtOpenProcessToken + B 76FD5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtOpenProcessTokenEx + 6 76FD5DAE 4 Bytes [A8, F6, 92, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtOpenProcessTokenEx + B 76FD5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtOpenThread + 6 76FD5E0E 4 Bytes [68, F5, 92, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtOpenThread + B 76FD5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtOpenThreadToken + 6 76FD5E1E 4 Bytes [68, F6, 92, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtOpenThreadToken + B 76FD5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtOpenThreadTokenEx + 6 76FD5E2E 4 Bytes CALL 75FDF129 C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtOpenThreadTokenEx + B 76FD5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtQueryAttributesFile + 6 76FD5F3E 4 Bytes [A8, F4, 92, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtQueryAttributesFile + B 76FD5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtQueryFullAttributesFile + 6 76FD5FEE 4 Bytes CALL 75FDF2E7 C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtQueryFullAttributesFile + B 76FD5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtSetInformationFile + 6 76FD663E 4 Bytes [28, F5, 92, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtSetInformationFile + B 76FD6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtSetInformationThread + 6 76FD669E 4 Bytes [28, F6, 92, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtSetInformationThread + B 76FD66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtUnmapViewOfSection + 6 76FD69BE 4 Bytes [68, F7, 92, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[568] ntdll.dll!NtUnmapViewOfSection + B 76FD69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtCreateFile + 6 76FD55CE 4 Bytes [28, 08, 21, 00] {SUB [EAX], CL; AND [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtCreateFile + B 76FD55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtMapViewOfSection + 6 76FD5C2E 4 Bytes [28, 0B, 21, 00] {SUB [EBX], CL; AND [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtMapViewOfSection + B 76FD5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtOpenFile + 6 76FD5CDE 4 Bytes [68, 08, 21, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtOpenFile + B 76FD5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtOpenProcess + 6 76FD5D8E 4 Bytes [A8, 09, 21, 00] {TEST AL, 0x9; AND [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtOpenProcess + B 76FD5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtOpenProcessToken + 6 76FD5D9E 4 Bytes CALL 75FD7EAC C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtOpenProcessToken + B 76FD5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtOpenProcessTokenEx + 6 76FD5DAE 4 Bytes [A8, 0A, 21, 00] {TEST AL, 0xa; AND [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtOpenProcessTokenEx + B 76FD5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtOpenThread + 6 76FD5E0E 4 Bytes [68, 09, 21, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtOpenThread + B 76FD5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtOpenThreadToken + 6 76FD5E1E 4 Bytes [68, 0A, 21, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtOpenThreadToken + B 76FD5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtOpenThreadTokenEx + 6 76FD5E2E 4 Bytes CALL 75FD7F3D C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtOpenThreadTokenEx + B 76FD5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtQueryAttributesFile + 6 76FD5F3E 4 Bytes [A8, 08, 21, 00] {TEST AL, 0x8; AND [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtQueryAttributesFile + B 76FD5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtQueryFullAttributesFile + 6 76FD5FEE 4 Bytes CALL 75FD80FB C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtQueryFullAttributesFile + B 76FD5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtSetInformationFile + 6 76FD663E 4 Bytes [28, 09, 21, 00] {SUB [ECX], CL; AND [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtSetInformationFile + B 76FD6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtSetInformationThread + 6 76FD669E 4 Bytes [28, 0A, 21, 00] {SUB [EDX], CL; AND [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtSetInformationThread + B 76FD66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtUnmapViewOfSection + 6 76FD69BE 4 Bytes [68, 0B, 21, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[924] ntdll.dll!NtUnmapViewOfSection + B 76FD69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtCreateFile + 6 76FD55CE 4 Bytes [28, 64, 06, 01] {SUB [ESI+EAX+0x1], AH}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtCreateFile + B 76FD55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtMapViewOfSection + 6 76FD5C2E 4 Bytes [28, 67, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtMapViewOfSection + B 76FD5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenFile + 6 76FD5CDE 4 Bytes [68, 64, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenFile + B 76FD5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcess + 6 76FD5D8E 4 Bytes [A8, 65, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcess + B 76FD5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessToken + 6 76FD5D9E 4 Bytes CALL 75FE6408 C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessToken + B 76FD5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessTokenEx + 6 76FD5DAE 4 Bytes [A8, 66, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessTokenEx + B 76FD5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThread + 6 76FD5E0E 4 Bytes [68, 65, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThread + B 76FD5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadToken + 6 76FD5E1E 4 Bytes [68, 66, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadToken + B 76FD5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadTokenEx + 6 76FD5E2E 4 Bytes CALL 75FE6499 C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadTokenEx + B 76FD5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryAttributesFile + 6 76FD5F3E 4 Bytes [A8, 64, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryAttributesFile + B 76FD5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryFullAttributesFile + 6 76FD5FEE 4 Bytes CALL 75FE6657 C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryFullAttributesFile + B 76FD5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationFile + 6 76FD663E 4 Bytes [28, 65, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationFile + B 76FD6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationThread + 6 76FD669E 4 Bytes [28, 66, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationThread + B 76FD66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtUnmapViewOfSection + 6 76FD69BE 4 Bytes [68, 67, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtUnmapViewOfSection + B 76FD69C3 1 Byte [E2]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1576] kernel32.dll!SetUnhandledExceptionFilter 7574F4FB 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtCreateFile + 6 76FD55CE 4 Bytes [28, 48, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtCreateFile + B 76FD55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtMapViewOfSection + 6 76FD5C2E 4 Bytes [28, 4B, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtMapViewOfSection + B 76FD5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenFile + 6 76FD5CDE 4 Bytes [68, 48, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenFile + B 76FD5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenProcess + 6 76FD5D8E 4 Bytes [A8, 49, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenProcess + B 76FD5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenProcessToken + 6 76FD5D9E 4 Bytes CALL 75FE49EC C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenProcessToken + B 76FD5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenProcessTokenEx + 6 76FD5DAE 4 Bytes [A8, 4A, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenProcessTokenEx + B 76FD5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenThread + 6 76FD5E0E 4 Bytes [68, 49, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenThread + B 76FD5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenThreadToken + 6 76FD5E1E 4 Bytes [68, 4A, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenThreadToken + B 76FD5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenThreadTokenEx + 6 76FD5E2E 4 Bytes CALL 75FE4A7D C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenThreadTokenEx + B 76FD5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtQueryAttributesFile + 6 76FD5F3E 4 Bytes [A8, 48, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtQueryAttributesFile + B 76FD5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtQueryFullAttributesFile + 6 76FD5FEE 4 Bytes CALL 75FE4C3B C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtQueryFullAttributesFile + B 76FD5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtSetInformationFile + 6 76FD663E 4 Bytes [28, 49, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtSetInformationFile + B 76FD6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtSetInformationThread + 6 76FD669E 4 Bytes [28, 4A, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtSetInformationThread + B 76FD66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtUnmapViewOfSection + 6 76FD69BE 4 Bytes [68, 4B, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtUnmapViewOfSection + B 76FD69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtCreateFile + 6 76FD55CE 4 Bytes [28, 58, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtCreateFile + B 76FD55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtMapViewOfSection + 6 76FD5C2E 4 Bytes [28, 5B, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtMapViewOfSection + B 76FD5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenFile + 6 76FD5CDE 4 Bytes [68, 58, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenFile + B 76FD5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenProcess + 6 76FD5D8E 4 Bytes [A8, 59, 39, 00] {TEST AL, 0x59; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenProcess + B 76FD5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenProcessToken + 6 76FD5D9E 4 Bytes CALL 75FD96FC C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenProcessToken + B 76FD5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenProcessTokenEx + 6 76FD5DAE 4 Bytes [A8, 5A, 39, 00] {TEST AL, 0x5a; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenProcessTokenEx + B 76FD5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenThread + 6 76FD5E0E 4 Bytes [68, 59, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenThread + B 76FD5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenThreadToken + 6 76FD5E1E 4 Bytes [68, 5A, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenThreadToken + B 76FD5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenThreadTokenEx + 6 76FD5E2E 4 Bytes CALL 75FD978D C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenThreadTokenEx + B 76FD5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtQueryAttributesFile + 6 76FD5F3E 4 Bytes [A8, 58, 39, 00] {TEST AL, 0x58; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtQueryAttributesFile + B 76FD5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtQueryFullAttributesFile + 6 76FD5FEE 4 Bytes CALL 75FD994B C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtQueryFullAttributesFile + B 76FD5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtSetInformationFile + 6 76FD663E 4 Bytes [28, 59, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtSetInformationFile + B 76FD6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtSetInformationThread + 6 76FD669E 4 Bytes [28, 5A, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtSetInformationThread + B 76FD66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtUnmapViewOfSection + 6 76FD69BE 4 Bytes [68, 5B, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtUnmapViewOfSection + B 76FD69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtCreateFile + 6 76FD55CE 4 Bytes [28, A8, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtCreateFile + B 76FD55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtMapViewOfSection + 6 76FD5C2E 4 Bytes [28, AB, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtMapViewOfSection + B 76FD5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenFile + 6 76FD5CDE 4 Bytes [68, A8, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenFile + B 76FD5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcess + 6 76FD5D8E 4 Bytes [A8, A9, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcess + B 76FD5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcessToken + 6 76FD5D9E 4 Bytes CALL 75FDAE4C C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcessToken + B 76FD5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcessTokenEx + 6 76FD5DAE 4 Bytes [A8, AA, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcessTokenEx + B 76FD5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThread + 6 76FD5E0E 4 Bytes [68, A9, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThread + B 76FD5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThreadToken + 6 76FD5E1E 4 Bytes [68, AA, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThreadToken + B 76FD5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThreadTokenEx + 6 76FD5E2E 4 Bytes CALL 75FDAEDD C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThreadTokenEx + B 76FD5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtQueryAttributesFile + 6 76FD5F3E 4 Bytes [A8, A8, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtQueryAttributesFile + B 76FD5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtQueryFullAttributesFile + 6 76FD5FEE 4 Bytes CALL 75FDB09B C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtQueryFullAttributesFile + B 76FD5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtSetInformationFile + 6 76FD663E 4 Bytes [28, A9, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtSetInformationFile + B 76FD6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtSetInformationThread + 6 76FD669E 4 Bytes [28, AA, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtSetInformationThread + B 76FD66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtUnmapViewOfSection + 6 76FD69BE 4 Bytes [68, AB, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtUnmapViewOfSection + B 76FD69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtMapViewOfSection + 6 76FD5C2E 4 Bytes [18, 20, 86, 73]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtMapViewOfSection + B 76FD5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtCreateFile + 6 76FD55CE 4 Bytes [28, 68, EA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtCreateFile + B 76FD55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtMapViewOfSection + 6 76FD5C2E 4 Bytes [28, 6B, EA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtMapViewOfSection + B 76FD5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenFile + 6 76FD5CDE 4 Bytes [68, 68, EA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenFile + B 76FD5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcess + 6 76FD5D8E 4 Bytes [A8, 69, EA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcess + B 76FD5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcessToken + 6 76FD5D9E 4 Bytes CALL 75FE480C C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcessToken + B 76FD5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcessTokenEx + 6 76FD5DAE 4 Bytes [A8, 6A, EA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcessTokenEx + B 76FD5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThread + 6 76FD5E0E 4 Bytes [68, 69, EA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThread + B 76FD5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThreadToken + 6 76FD5E1E 4 Bytes [68, 6A, EA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThreadToken + B 76FD5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThreadTokenEx + 6 76FD5E2E 4 Bytes CALL 75FE489D C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThreadTokenEx + B 76FD5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtQueryAttributesFile + 6 76FD5F3E 4 Bytes [A8, 68, EA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtQueryAttributesFile + B 76FD5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtQueryFullAttributesFile + 6 76FD5FEE 4 Bytes CALL 75FE4A5B C:\Windows\system32\OLEAUT32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtQueryFullAttributesFile + B 76FD5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtSetInformationFile + 6 76FD663E 4 Bytes [28, 69, EA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtSetInformationFile + B 76FD6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtSetInformationThread + 6 76FD669E 4 Bytes [28, 6A, EA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtSetInformationThread + B 76FD66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtUnmapViewOfSection + 6 76FD69BE 4 Bytes [68, 6B, EA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtUnmapViewOfSection + B 76FD69C3 1 Byte [E2]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ----