GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-26 17:11:00 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000059 WDC_WD64 rev.01.0 596,17GB Running: r3tsk5by.exe; Driver: C:\Users\ADMIN\AppData\Local\Temp\aglorpod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtCreateFile + 6 76E3426A 4 Bytes [28, AC, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtCreateFile + B 76E3426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtMapViewOfSection + 6 76E349BA 4 Bytes [28, AF, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtMapViewOfSection + B 76E349BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenFile + 6 76E34A4A 4 Bytes [68, AC, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenFile + B 76E34A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenProcess + 6 76E34ACA 4 Bytes [A8, AD, 8F, 00] {TEST AL, 0xad; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenProcess + B 76E34ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenProcessToken + 6 76E34ADA 4 Bytes CALL 75E3DA8C .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenProcessToken + B 76E34ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenProcessTokenEx + 6 76E34AEA 4 Bytes [A8, AE, 8F, 00] {TEST AL, 0xae; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenProcessTokenEx + B 76E34AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenThread + 6 76E34B3A 4 Bytes [68, AD, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenThread + B 76E34B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenThreadToken + 6 76E34B4A 4 Bytes [68, AE, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenThreadToken + B 76E34B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenThreadTokenEx + 6 76E34B5A 4 Bytes CALL 75E3DB0D .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenThreadTokenEx + B 76E34B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtQueryAttributesFile + 6 76E34BEA 4 Bytes [A8, AC, 8F, 00] {TEST AL, 0xac; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtQueryAttributesFile + B 76E34BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtQueryFullAttributesFile + 6 76E34C9A 4 Bytes CALL 75E3DC4B .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtQueryFullAttributesFile + B 76E34C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtSetInformationFile + 6 76E3517A 4 Bytes [28, AD, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtSetInformationFile + B 76E3517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtSetInformationThread + 6 76E351CA 4 Bytes [28, AE, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtSetInformationThread + B 76E351CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtUnmapViewOfSection + 6 76E3546A 4 Bytes [68, AF, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtUnmapViewOfSection + B 76E3546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtCreateFile + 6 76E3426A 4 Bytes [28, C8, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtCreateFile + B 76E3426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtMapViewOfSection + 6 76E349BA 4 Bytes [28, CB, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtMapViewOfSection + B 76E349BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenFile + 6 76E34A4A 4 Bytes [68, C8, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenFile + B 76E34A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenProcess + 6 76E34ACA 4 Bytes [A8, C9, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenProcess + B 76E34ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenProcessToken + 6 76E34ADA 4 Bytes CALL 75E3DBA8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenProcessToken + B 76E34ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenProcessTokenEx + 6 76E34AEA 4 Bytes [A8, CA, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenProcessTokenEx + B 76E34AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenThread + 6 76E34B3A 4 Bytes [68, C9, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenThread + B 76E34B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenThreadToken + 6 76E34B4A 4 Bytes [68, CA, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenThreadToken + B 76E34B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenThreadTokenEx + 6 76E34B5A 4 Bytes CALL 75E3DC29 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenThreadTokenEx + B 76E34B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtQueryAttributesFile + 6 76E34BEA 4 Bytes [A8, C8, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtQueryAttributesFile + B 76E34BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtQueryFullAttributesFile + 6 76E34C9A 4 Bytes CALL 75E3DD67 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtQueryFullAttributesFile + B 76E34C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtSetInformationFile + 6 76E3517A 4 Bytes [28, C9, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtSetInformationFile + B 76E3517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtSetInformationThread + 6 76E351CA 4 Bytes [28, CA, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtSetInformationThread + B 76E351CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtUnmapViewOfSection + 6 76E3546A 4 Bytes [68, CB, 90, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtUnmapViewOfSection + B 76E3546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtCreateFile + 6 76E3426A 4 Bytes [28, A0, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtCreateFile + B 76E3426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtMapViewOfSection + 6 76E349BA 4 Bytes [28, A3, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtMapViewOfSection + B 76E349BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenFile + 6 76E34A4A 4 Bytes [68, A0, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenFile + B 76E34A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenProcess + 6 76E34ACA 4 Bytes [A8, A1, 1B, 00] {TEST AL, 0xa1; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenProcess + B 76E34ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenProcessToken + 6 76E34ADA 4 Bytes CALL 75E36680 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenProcessToken + B 76E34ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenProcessTokenEx + 6 76E34AEA 4 Bytes [A8, A2, 1B, 00] {TEST AL, 0xa2; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenProcessTokenEx + B 76E34AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenThread + 6 76E34B3A 4 Bytes [68, A1, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenThread + B 76E34B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenThreadToken + 6 76E34B4A 4 Bytes [68, A2, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenThreadToken + B 76E34B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenThreadTokenEx + 6 76E34B5A 4 Bytes CALL 75E36701 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtOpenThreadTokenEx + B 76E34B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtQueryAttributesFile + 6 76E34BEA 4 Bytes [A8, A0, 1B, 00] {TEST AL, 0xa0; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtQueryAttributesFile + B 76E34BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtQueryFullAttributesFile + 6 76E34C9A 4 Bytes CALL 75E3683F .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtQueryFullAttributesFile + B 76E34C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtSetInformationFile + 6 76E3517A 4 Bytes [28, A1, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtSetInformationFile + B 76E3517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtSetInformationThread + 6 76E351CA 4 Bytes [28, A2, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtSetInformationThread + B 76E351CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtUnmapViewOfSection + 6 76E3546A 4 Bytes [68, A3, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1140] ntdll.dll!NtUnmapViewOfSection + B 76E3546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtCreateFile + 6 76E3426A 4 Bytes [28, 14, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtCreateFile + B 76E3426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtMapViewOfSection + 6 76E349BA 4 Bytes [28, 17, 84, 00] {SUB [EDI], DL; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtMapViewOfSection + B 76E349BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenFile + 6 76E34A4A 4 Bytes [68, 14, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenFile + B 76E34A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenProcess + 6 76E34ACA 4 Bytes [A8, 15, 84, 00] {TEST AL, 0x15; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenProcess + B 76E34ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenProcessToken + 6 76E34ADA 4 Bytes CALL 75E3CEF4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenProcessToken + B 76E34ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenProcessTokenEx + 6 76E34AEA 4 Bytes [A8, 16, 84, 00] {TEST AL, 0x16; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenProcessTokenEx + B 76E34AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenThread + 6 76E34B3A 4 Bytes [68, 15, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenThread + B 76E34B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenThreadToken + 6 76E34B4A 4 Bytes [68, 16, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenThreadToken + B 76E34B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenThreadTokenEx + 6 76E34B5A 4 Bytes CALL 75E3CF75 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenThreadTokenEx + B 76E34B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtQueryAttributesFile + 6 76E34BEA 4 Bytes [A8, 14, 84, 00] {TEST AL, 0x14; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtQueryAttributesFile + B 76E34BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtQueryFullAttributesFile + 6 76E34C9A 4 Bytes CALL 75E3D0B3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtQueryFullAttributesFile + B 76E34C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtSetInformationFile + 6 76E3517A 4 Bytes [28, 15, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtSetInformationFile + B 76E3517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtSetInformationThread + 6 76E351CA 4 Bytes [28, 16, 84, 00] {SUB [ESI], DL; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtSetInformationThread + B 76E351CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtUnmapViewOfSection + 6 76E3546A 4 Bytes [68, 17, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtUnmapViewOfSection + B 76E3546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtCreateFile + 6 76E3426A 4 Bytes [28, 7C, 5E, 00] {SUB [ESI+EBX*2+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtCreateFile + B 76E3426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtMapViewOfSection + 6 76E349BA 4 Bytes [28, 7F, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtMapViewOfSection + B 76E349BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenFile + 6 76E34A4A 4 Bytes [68, 7C, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenFile + B 76E34A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcess + 6 76E34ACA 4 Bytes [A8, 7D, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcess + B 76E34ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcessToken + 6 76E34ADA 4 Bytes CALL 75E3A95C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcessToken + B 76E34ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcessTokenEx + 6 76E34AEA 4 Bytes [A8, 7E, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcessTokenEx + B 76E34AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThread + 6 76E34B3A 4 Bytes [68, 7D, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThread + B 76E34B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThreadToken + 6 76E34B4A 4 Bytes [68, 7E, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThreadToken + B 76E34B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThreadTokenEx + 6 76E34B5A 4 Bytes CALL 75E3A9DD .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThreadTokenEx + B 76E34B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtQueryAttributesFile + 6 76E34BEA 4 Bytes [A8, 7C, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtQueryAttributesFile + B 76E34BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtQueryFullAttributesFile + 6 76E34C9A 4 Bytes CALL 75E3AB1B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtQueryFullAttributesFile + B 76E34C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtSetInformationFile + 6 76E3517A 4 Bytes [28, 7D, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtSetInformationFile + B 76E3517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtSetInformationThread + 6 76E351CA 4 Bytes [28, 7E, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtSetInformationThread + B 76E351CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtUnmapViewOfSection + 6 76E3546A 4 Bytes [68, 7F, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtUnmapViewOfSection + B 76E3546F 1 Byte [E2] .text C:\Program Files\Overwolf\Overwolf.exe[2192] USER32.dll!WindowFromPoint 7561884F 5 Bytes JMP 64678E00 C:\Program Files\Overwolf\OWAgent.dll .text C:\Program Files\Overwolf\Overwolf.exe[2192] USER32.dll!ShowWindow 7561CA10 5 Bytes JMP 64679360 C:\Program Files\Overwolf\OWAgent.dll .text C:\Program Files\Overwolf\Overwolf.exe[2192] USER32.dll!GetMessageW 7562FEF7 5 Bytes JMP 64679200 C:\Program Files\Overwolf\OWAgent.dll .text C:\Program Files\Overwolf\Overwolf.exe[2192] USER32.dll!GetCursorPos 75630B88 5 Bytes JMP 64678FB0 C:\Program Files\Overwolf\OWAgent.dll .text C:\Program Files\Overwolf\Overwolf.exe[2192] USER32.dll!AttachThreadInput 756423F5 5 Bytes JMP 6467A610 C:\Program Files\Overwolf\OWAgent.dll .text C:\Program Files\Overwolf\Overwolf.exe[2192] USER32.dll!UpdateLayeredWindowIndirect 756570EF 5 Bytes JMP 64678C10 C:\Program Files\Overwolf\OWAgent.dll .text C:\Program Files\Overwolf\Overwolf.exe[2192] shell32.dll!ShellExecuteW 762C9725 5 Bytes JMP 6467A3C0 C:\Program Files\Overwolf\OWAgent.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtMapViewOfSection + 6 76E349BA 4 Bytes [18, 00, 23, 64] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtMapViewOfSection + B 76E349BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtCreateFile + 6 76E3426A 4 Bytes [28, EC, 2C, 00] {SUB AH, CH; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtCreateFile + B 76E3426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtMapViewOfSection + 6 76E349BA 4 Bytes [28, EF, 2C, 00] {SUB BH, CH; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtMapViewOfSection + B 76E349BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenFile + 6 76E34A4A 4 Bytes [68, EC, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenFile + B 76E34A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenProcess + 6 76E34ACA 4 Bytes [A8, ED, 2C, 00] {TEST AL, 0xed; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenProcess + B 76E34ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenProcessToken + 6 76E34ADA 4 Bytes CALL 75E377CC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenProcessToken + B 76E34ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenProcessTokenEx + 6 76E34AEA 4 Bytes [A8, EE, 2C, 00] {TEST AL, 0xee; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenProcessTokenEx + B 76E34AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenThread + 6 76E34B3A 4 Bytes [68, ED, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenThread + B 76E34B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenThreadToken + 6 76E34B4A 4 Bytes [68, EE, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenThreadToken + B 76E34B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenThreadTokenEx + 6 76E34B5A 4 Bytes CALL 75E3784D .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenThreadTokenEx + B 76E34B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtQueryAttributesFile + 6 76E34BEA 4 Bytes [A8, EC, 2C, 00] {TEST AL, 0xec; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtQueryAttributesFile + B 76E34BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtQueryFullAttributesFile + 6 76E34C9A 4 Bytes CALL 75E3798B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtQueryFullAttributesFile + B 76E34C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtSetInformationFile + 6 76E3517A 4 Bytes [28, ED, 2C, 00] {SUB CH, CH; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtSetInformationFile + B 76E3517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtSetInformationThread + 6 76E351CA 4 Bytes [28, EE, 2C, 00] {SUB DH, CH; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtSetInformationThread + B 76E351CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtUnmapViewOfSection + 6 76E3546A 4 Bytes [68, EF, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtUnmapViewOfSection + B 76E3546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtCreateFile + 6 76E3426A 4 Bytes [28, 04, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtCreateFile + B 76E3426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtMapViewOfSection + 6 76E349BA 4 Bytes [28, 07, 1B, 00] {SUB [EDI], AL; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtMapViewOfSection + B 76E349BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenFile + 6 76E34A4A 4 Bytes [68, 04, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenFile + B 76E34A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenProcess + 6 76E34ACA 4 Bytes [A8, 05, 1B, 00] {TEST AL, 0x5; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenProcess + B 76E34ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenProcessToken + 6 76E34ADA 4 Bytes CALL 75E365E4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenProcessToken + B 76E34ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenProcessTokenEx + 6 76E34AEA 4 Bytes [A8, 06, 1B, 00] {TEST AL, 0x6; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenProcessTokenEx + B 76E34AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenThread + 6 76E34B3A 4 Bytes [68, 05, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenThread + B 76E34B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenThreadToken + 6 76E34B4A 4 Bytes [68, 06, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenThreadToken + B 76E34B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenThreadTokenEx + 6 76E34B5A 4 Bytes CALL 75E36665 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenThreadTokenEx + B 76E34B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtQueryAttributesFile + 6 76E34BEA 4 Bytes [A8, 04, 1B, 00] {TEST AL, 0x4; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtQueryAttributesFile + B 76E34BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtQueryFullAttributesFile + 6 76E34C9A 4 Bytes CALL 75E367A3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtQueryFullAttributesFile + B 76E34C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtSetInformationFile + 6 76E3517A 4 Bytes [28, 05, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtSetInformationFile + B 76E3517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtSetInformationThread + 6 76E351CA 4 Bytes [28, 06, 1B, 00] {SUB [ESI], AL; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtSetInformationThread + B 76E351CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtUnmapViewOfSection + 6 76E3546A 4 Bytes [68, 07, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtUnmapViewOfSection + B 76E3546F 1 Byte [E2] ---- EOF - GMER 2.1 ----