GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-11 23:01:10 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000006a ST1000DM rev.CC49 931,51GB Running: tull5r2m.exe; Driver: C:\Users\Damian\AppData\Local\Temp\awrdrpog.sys ---- System - GMER 2.1 ---- SSDT 8543B6A0 ZwAlertResumeThread SSDT 8543B6F8 ZwAlertThread SSDT 854466F0 ZwAllocateVirtualMemory SSDT 85420E28 ZwAlpcConnectPort SSDT 8540E750 ZwAssignProcessToJobObject SSDT 853E1EC0 ZwCreateMutant SSDT 8540C008 ZwCreateSymbolicLinkObject SSDT 854784F0 ZwCreateThread SSDT 8540E670 ZwCreateThreadEx SSDT 8540E7A8 ZwDebugActiveProcess SSDT 854467B0 ZwDuplicateObject SSDT 8543F270 ZwFreeVirtualMemory SSDT 853E1F28 ZwImpersonateAnonymousToken SSDT 8543B648 ZwImpersonateThread SSDT 8634CE98 ZwLoadDriver SSDT 8543F218 ZwMapViewOfSection SSDT 853E1E68 ZwOpenEvent SSDT 854495A8 ZwOpenProcess SSDT 85446758 ZwOpenProcessToken SSDT 853E1DB8 ZwOpenSection SSDT 85478448 ZwOpenThread SSDT 8540E6E8 ZwProtectVirtualMemory SSDT 8543B750 ZwResumeThread SSDT 8543F100 ZwSetContextThread SSDT 8543F158 ZwSetInformationProcess SSDT 8540E7E0 ZwSetSystemInformation SSDT 853E1E10 ZwSuspendProcess SSDT 8543B7A8 ZwSuspendThread SSDT 8540F080 ZwTerminateProcess SSDT 8543B7E0 ZwTerminateThread SSDT 8543F1C0 ZwUnmapViewOfSection SSDT 85446668 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 82C42339 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7BD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82C82DD0 8 Bytes [A0, B6, 43, 85, F8, B6, 43, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C82DE8 4 Bytes [F0, 66, 44, 85] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82C82DF4 4 Bytes [28, 0E, 42, 85] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82C82E48 4 Bytes [50, E7, 40, 85] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82C82EC4 4 Bytes [C0, 1E, 3E, 85] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F814000, 0x153E5A, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Users\Damian\Downloads\tull5r2m.exe[920] ntdll.dll!NtTerminateThread 771268D8 1 Byte [E9] .text C:\Users\Damian\Downloads\tull5r2m.exe[920] ntdll.dll!NtTerminateThread 771268D8 5 Bytes JMP 00020050 .text C:\Users\Damian\Downloads\tull5r2m.exe[920] USER32.dll!ChangeWindowMessageFilterEx + F 76F524D7 7 Bytes JMP 00220A12 .text C:\Users\Damian\Downloads\tull5r2m.exe[920] USER32.dll!RecordShutdownReason + 372 76F906C2 7 Bytes JMP 00220930 .text C:\Users\Damian\Downloads\FRST.exe[1216] ntdll.dll!NtTerminateThread 771268D8 1 Byte [E9] .text C:\Users\Damian\Downloads\FRST.exe[1216] ntdll.dll!NtTerminateThread 771268D8 5 Bytes JMP 00020050 .text C:\Users\Damian\Downloads\FRST.exe[1216] USER32.dll!ChangeWindowMessageFilterEx + F 76F524D7 7 Bytes JMP 00910BD6 .text C:\Users\Damian\Downloads\FRST.exe[1216] USER32.dll!RecordShutdownReason + 372 76F906C2 7 Bytes JMP 00910AF4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtCreateFile + 6 771255CE 4 Bytes [28, 94, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtCreateFile + B 771255D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtMapViewOfSection + 6 77125C2E 4 Bytes [28, 97, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtMapViewOfSection + B 77125C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenFile + 6 77125CDE 4 Bytes [68, 94, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenFile + B 77125CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenProcess + 6 77125D8E 4 Bytes [A8, 95, 03, 01] {TEST AL, 0x95; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenProcess + B 77125D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenProcessToken + B 77125DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenProcessTokenEx + 6 77125DAE 4 Bytes [A8, 96, 03, 01] {TEST AL, 0x96; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenProcessTokenEx + B 77125DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenThread + 6 77125E0E 4 Bytes [68, 95, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenThread + B 77125E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenThreadToken + 6 77125E1E 4 Bytes [68, 96, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenThreadToken + B 77125E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenThreadTokenEx + B 77125E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtQueryAttributesFile + 6 77125F3E 4 Bytes [A8, 94, 03, 01] {TEST AL, 0x94; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtQueryAttributesFile + B 77125F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtQueryFullAttributesFile + B 77125FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtSetInformationFile + 6 7712663E 4 Bytes [28, 95, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtSetInformationFile + B 77126643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtSetInformationThread + 6 7712669E 4 Bytes [28, 96, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtSetInformationThread + B 771266A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtUnmapViewOfSection + 6 771269BE 4 Bytes [68, 97, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtUnmapViewOfSection + B 771269C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtCreateFile + 6 771255CE 4 Bytes [28, 40, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtCreateFile + B 771255D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtMapViewOfSection + 6 77125C2E 4 Bytes [28, 43, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtMapViewOfSection + B 77125C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenFile + 6 77125CDE 4 Bytes [68, 40, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenFile + B 77125CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcess + 6 77125D8E 4 Bytes [A8, 41, 0C, 00] {TEST AL, 0x41; OR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcess + B 77125D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessToken + 6 77125D9E 4 Bytes CALL 761269E4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessToken + B 77125DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessTokenEx + 6 77125DAE 4 Bytes [A8, 42, 0C, 00] {TEST AL, 0x42; OR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessTokenEx + B 77125DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThread + 6 77125E0E 4 Bytes [68, 41, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThread + B 77125E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadToken + 6 77125E1E 4 Bytes [68, 42, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadToken + B 77125E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadTokenEx + 6 77125E2E 4 Bytes CALL 76126A75 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadTokenEx + B 77125E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryAttributesFile + 6 77125F3E 4 Bytes [A8, 40, 0C, 00] {TEST AL, 0x40; OR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryAttributesFile + B 77125F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryFullAttributesFile + 6 77125FEE 4 Bytes CALL 76126C33 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryFullAttributesFile + B 77125FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationFile + 6 7712663E 4 Bytes [28, 41, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationFile + B 77126643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationThread + 6 7712669E 4 Bytes [28, 42, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationThread + B 771266A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtUnmapViewOfSection + 6 771269BE 4 Bytes [68, 43, 0C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtUnmapViewOfSection + B 771269C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1760] ntdll.dll!NtMapViewOfSection + 6 77125C2E 4 Bytes [18, 20, 53, 73] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1760] ntdll.dll!NtMapViewOfSection + B 77125C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtCreateFile + 6 771255CE 4 Bytes [28, B4, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtCreateFile + B 771255D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtMapViewOfSection + 6 77125C2E 4 Bytes [28, B7, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtMapViewOfSection + B 77125C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenFile + 6 77125CDE 4 Bytes [68, B4, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenFile + B 77125CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcess + 6 77125D8E 4 Bytes [A8, B5, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcess + B 77125D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessToken + 6 77125D9E 4 Bytes CALL 7612F158 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessToken + B 77125DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessTokenEx + 6 77125DAE 4 Bytes [A8, B6, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessTokenEx + B 77125DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThread + 6 77125E0E 4 Bytes [68, B5, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThread + B 77125E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadToken + 6 77125E1E 4 Bytes [68, B6, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadToken + B 77125E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadTokenEx + 6 77125E2E 4 Bytes CALL 7612F1E9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadTokenEx + B 77125E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryAttributesFile + 6 77125F3E 4 Bytes [A8, B4, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryAttributesFile + B 77125F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryFullAttributesFile + 6 77125FEE 4 Bytes CALL 7612F3A7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryFullAttributesFile + B 77125FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationFile + 6 7712663E 4 Bytes [28, B5, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationFile + B 77126643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationThread + 6 7712669E 4 Bytes [28, B6, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationThread + B 771266A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtUnmapViewOfSection + 6 771269BE 4 Bytes [68, B7, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtUnmapViewOfSection + B 771269C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtCreateFile + 6 771255CE 4 Bytes [28, 00, 6A, 00] {SUB [EAX], AL; PUSH 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtCreateFile + B 771255D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtMapViewOfSection + 6 77125C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtMapViewOfSection + 6 77125C2E 4 Bytes [28, 03, 6A, 00] {SUB [EBX], AL; PUSH 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtMapViewOfSection + B 77125C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenFile + 6 77125CDE 4 Bytes [68, 00, 6A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenFile + B 77125CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenProcess + 6 77125D8E 4 Bytes [A8, 01, 6A, 00] {TEST AL, 0x1; PUSH 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenProcess + B 77125D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenProcessToken + 6 77125D9E 4 Bytes CALL 7612C7A4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenProcessToken + B 77125DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenProcessTokenEx + 6 77125DAE 4 Bytes [A8, 02, 6A, 00] {TEST AL, 0x2; PUSH 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenProcessTokenEx + B 77125DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenThread + 6 77125E0E 4 Bytes [68, 01, 6A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenThread + B 77125E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenThreadToken + 6 77125E1E 4 Bytes [68, 02, 6A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenThreadToken + B 77125E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenThreadTokenEx + 6 77125E2E 4 Bytes CALL 7612C835 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenThreadTokenEx + B 77125E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtQueryAttributesFile + 6 77125F3E 4 Bytes [A8, 00, 6A, 00] {TEST AL, 0x0; PUSH 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtQueryAttributesFile + B 77125F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtQueryFullAttributesFile + 6 77125FEE 4 Bytes CALL 7612C9F3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtQueryFullAttributesFile + B 77125FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtSetInformationFile + 6 7712663E 4 Bytes [28, 01, 6A, 00] {SUB [ECX], AL; PUSH 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtSetInformationFile + B 77126643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtSetInformationThread + 6 7712669E 4 Bytes [28, 02, 6A, 00] {SUB [EDX], AL; PUSH 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtSetInformationThread + B 771266A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtUnmapViewOfSection + 6 771269BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtUnmapViewOfSection + 6 771269BE 4 Bytes [68, 03, 6A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtUnmapViewOfSection + B 771269C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtCreateFile + 6 771255CE 4 Bytes [28, CC, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtCreateFile + B 771255D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtMapViewOfSection + 6 77125C2E 4 Bytes [28, CF, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtMapViewOfSection + B 77125C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenFile + 6 77125CDE 4 Bytes [68, CC, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenFile + B 77125CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcess + 6 77125D8E 4 Bytes [A8, CD, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcess + B 77125D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessToken + B 77125DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessTokenEx + 6 77125DAE 4 Bytes [A8, CE, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessTokenEx + B 77125DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThread + 6 77125E0E 4 Bytes [68, CD, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThread + B 77125E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadToken + 6 77125E1E 4 Bytes [68, CE, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadToken + B 77125E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadTokenEx + B 77125E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryAttributesFile + 6 77125F3E 4 Bytes [A8, CC, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryAttributesFile + B 77125F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryFullAttributesFile + B 77125FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationFile + 6 7712663E 4 Bytes [28, CD, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationFile + B 77126643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationThread + 6 7712669E 4 Bytes [28, CE, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationThread + B 771266A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtUnmapViewOfSection + 6 771269BE 4 Bytes [68, CF, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtUnmapViewOfSection + B 771269C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtCreateFile + 6 771255CE 4 Bytes [28, 84, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtCreateFile + B 771255D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtMapViewOfSection + 6 77125C2E 4 Bytes [28, 87, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtMapViewOfSection + B 77125C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenFile + 6 77125CDE 4 Bytes [68, 84, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenFile + B 77125CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcess + 6 77125D8E 4 Bytes [A8, 85, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcess + B 77125D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessToken + B 77125DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessTokenEx + 6 77125DAE 4 Bytes [A8, 86, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessTokenEx + B 77125DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThread + 6 77125E0E 4 Bytes [68, 85, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThread + B 77125E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadToken + 6 77125E1E 4 Bytes [68, 86, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadToken + B 77125E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadTokenEx + B 77125E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryAttributesFile + 6 77125F3E 4 Bytes [A8, 84, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryAttributesFile + B 77125F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryFullAttributesFile + B 77125FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationFile + 6 7712663E 4 Bytes [28, 85, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationFile + B 77126643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationThread + 6 7712669E 4 Bytes [28, 86, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationThread + B 771266A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtUnmapViewOfSection + 6 771269BE 4 Bytes [68, 87, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtUnmapViewOfSection + B 771269C3 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ----