GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-06-11 21:56:05 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 ST1000LM024_HN-M101MBB rev.2AR10002 931.51GB Running: 00o32h7t.exe; Driver: C:\Users\danya\AppData\Local\Temp\pxloypod.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600023da00 7 bytes [00, 0C, 7E, 01, 00, B1, F2] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 8 fffff9600023da08 7 bytes [01, 0A, C0, FF, 00, 66, DB] ---- User code sections - GMER 2.2 ---- .text C:\WINDOWS\system32\atiesrxx.exe[684] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe56a5177a 4 bytes [A5, 56, FE, 07] .text C:\WINDOWS\system32\atiesrxx.exe[684] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe56a51782 4 bytes [A5, 56, FE, 07] .text C:\WINDOWS\system32\atieclxx.exe[1212] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe56a5177a 4 bytes [A5, 56, FE, 07] .text C:\WINDOWS\system32\atieclxx.exe[1212] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe56a51782 4 bytes [A5, 56, FE, 07] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fe56c1107d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fe56c11118 8 bytes [A0, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 37 000007fe56c11155 7 bytes [6B, F8, 7F, 00, 00, 00, 00] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fe56c112e2 8 bytes [80, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fe56c113b7 8 bytes [70, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168 000007fe56c11538 8 bytes [60, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405 000007fe56c116e5 8 bytes [50, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 421 000007fe56c116f5 8 bytes [40, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354 000007fe56c11942 8 bytes [30, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fe56c12c70 8 bytes {JMP QWORD [RIP-0x18bf]} .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fe56c12df0 8 bytes {JMP QWORD [RIP-0x18be]} .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fe56c12e20 8 bytes {JMP QWORD [RIP-0x1d0e]} .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fe56c12f40 8 bytes {JMP QWORD [RIP-0x1c64]} .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fe56c12ff0 8 bytes {JMP QWORD [RIP-0x1ea2]} .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fe56c136b1 8 bytes {JMP QWORD [RIP-0x1d75]} .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fe56c13991 8 bytes {JMP QWORD [RIP-0x22a2]} .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fe56c14211 8 bytes {JMP QWORD [RIP-0x2b32]} .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 0000000077c315f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 0000000077c317d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 0000000077c318c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077c318e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077c31903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe[4840] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000077c3195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4528] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe4db01532 4 bytes [B0, 4D, FE, 07] .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4528] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe4db0153a 4 bytes [B0, 4D, FE, 07] .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4528] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe4db0165a 4 bytes [B0, 4D, FE, 07] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[4380] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 0000000077c315f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[4380] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 0000000077c317d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[4380] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 0000000077c318c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[4380] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077c318e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[4380] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077c31903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[4380] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000077c3195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[5200] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 0000000077c315f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[5200] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 0000000077c317d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[5200] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 0000000077c318c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[5200] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077c318e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[5200] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077c31903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[5200] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000077c3195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fe56c1107d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fe56c11118 8 bytes [A0, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 37 000007fe56c11155 7 bytes [6B, F8, 7F, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fe56c112e2 8 bytes [80, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fe56c113b7 8 bytes [70, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168 000007fe56c11538 8 bytes [60, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405 000007fe56c116e5 8 bytes [50, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 421 000007fe56c116f5 8 bytes [40, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354 000007fe56c11942 8 bytes [30, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fe56c12c70 8 bytes {JMP QWORD [RIP-0x18bf]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fe56c12df0 8 bytes {JMP QWORD [RIP-0x18be]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fe56c12e20 8 bytes {JMP QWORD [RIP-0x1d0e]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fe56c12f40 8 bytes {JMP QWORD [RIP-0x1c64]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fe56c12ff0 8 bytes {JMP QWORD [RIP-0x1ea2]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fe56c136b1 8 bytes {JMP QWORD [RIP-0x1d75]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fe56c13991 8 bytes {JMP QWORD [RIP-0x22a2]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fe56c14211 8 bytes {JMP QWORD [RIP-0x2b32]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 0000000077c315f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 0000000077c317d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 0000000077c318c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077c318e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077c31903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5244] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000077c3195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[5916] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 0000000077c315f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[5916] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 0000000077c317d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[5916] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 0000000077c318c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[5916] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077c318e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[5916] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077c31903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[5916] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000077c3195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6084] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 0000000077c315f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6084] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 0000000077c317d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6084] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 0000000077c318c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6084] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077c318e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6084] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077c31903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[6084] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000077c3195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fe56c1107d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fe56c11118 8 bytes [A0, 6B, B9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 37 000007fe56c11155 7 bytes [6B, B9, FE, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fe56c112e2 8 bytes [80, 6B, B9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fe56c113b7 8 bytes [70, 6B, B9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168 000007fe56c11538 8 bytes [60, 6B, B9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405 000007fe56c116e5 8 bytes [50, 6B, B9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 421 000007fe56c116f5 8 bytes [40, 6B, B9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354 000007fe56c11942 8 bytes [30, 6B, B9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fe56c12c70 8 bytes {JMP QWORD [RIP-0x18bf]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fe56c12df0 8 bytes {JMP QWORD [RIP-0x18be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fe56c12e20 8 bytes {JMP QWORD [RIP-0x1d0e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fe56c12f40 8 bytes {JMP QWORD [RIP-0x1c64]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fe56c12ff0 8 bytes {JMP QWORD [RIP-0x1ea2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fe56c136b1 8 bytes {JMP QWORD [RIP-0x1d75]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fe56c13991 8 bytes {JMP QWORD [RIP-0x22a2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fe56c14211 8 bytes {JMP QWORD [RIP-0x2b32]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 0000000077c315f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 0000000077c317d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 0000000077c318c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077c318e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077c31903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6960] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000077c3195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fe56c1107d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fe56c11118 8 bytes [A0, 6B, 85, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 37 000007fe56c11155 7 bytes [6B, 85, FE, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fe56c112e2 8 bytes [80, 6B, 85, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fe56c113b7 8 bytes [70, 6B, 85, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168 000007fe56c11538 8 bytes [60, 6B, 85, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405 000007fe56c116e5 8 bytes [50, 6B, 85, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 421 000007fe56c116f5 8 bytes [40, 6B, 85, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354 000007fe56c11942 8 bytes [30, 6B, 85, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fe56c12c70 8 bytes {JMP QWORD [RIP-0x18bf]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fe56c12df0 8 bytes {JMP QWORD [RIP-0x18be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fe56c12e20 8 bytes {JMP QWORD [RIP-0x1d0e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fe56c12f40 8 bytes {JMP QWORD [RIP-0x1c64]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fe56c12ff0 8 bytes {JMP QWORD [RIP-0x1ea2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fe56c136b1 8 bytes {JMP QWORD [RIP-0x1d75]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fe56c13991 8 bytes {JMP QWORD [RIP-0x22a2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fe56c14211 8 bytes {JMP QWORD [RIP-0x2b32]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 0000000077c315f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 0000000077c317d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 0000000077c318c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077c318e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077c31903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6976] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000077c3195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fe56c1107d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fe56c11118 8 bytes [A0, 6B, 67, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 37 000007fe56c11155 7 bytes [6B, 67, FE, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fe56c112e2 8 bytes [80, 6B, 67, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fe56c113b7 8 bytes [70, 6B, 67, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168 000007fe56c11538 8 bytes [60, 6B, 67, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405 000007fe56c116e5 8 bytes [50, 6B, 67, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 421 000007fe56c116f5 8 bytes [40, 6B, 67, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354 000007fe56c11942 8 bytes [30, 6B, 67, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fe56c12c70 8 bytes {JMP QWORD [RIP-0x18bf]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fe56c12df0 8 bytes {JMP QWORD [RIP-0x18be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fe56c12e20 8 bytes {JMP QWORD [RIP-0x1d0e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fe56c12f40 8 bytes {JMP QWORD [RIP-0x1c64]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fe56c12ff0 8 bytes {JMP QWORD [RIP-0x1ea2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fe56c136b1 8 bytes {JMP QWORD [RIP-0x1d75]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fe56c13991 8 bytes {JMP QWORD [RIP-0x22a2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fe56c14211 8 bytes {JMP QWORD [RIP-0x2b32]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 0000000077c315f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 0000000077c317d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 0000000077c318c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077c318e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077c31903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7100] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000077c3195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fe56c1107d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fe56c11118 8 bytes [A0, 6B, C1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 37 000007fe56c11155 7 bytes [6B, C1, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fe56c112e2 8 bytes [80, 6B, C1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fe56c113b7 8 bytes [70, 6B, C1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168 000007fe56c11538 8 bytes [60, 6B, C1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405 000007fe56c116e5 8 bytes [50, 6B, C1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 421 000007fe56c116f5 8 bytes [40, 6B, C1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354 000007fe56c11942 8 bytes [30, 6B, C1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fe56c12c70 8 bytes {JMP QWORD [RIP-0x18bf]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fe56c12df0 8 bytes {JMP QWORD [RIP-0x18be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fe56c12e20 8 bytes {JMP QWORD [RIP-0x1d0e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fe56c12f40 8 bytes {JMP QWORD [RIP-0x1c64]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fe56c12ff0 8 bytes {JMP QWORD [RIP-0x1ea2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fe56c136b1 8 bytes {JMP QWORD [RIP-0x1d75]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fe56c13991 8 bytes {JMP QWORD [RIP-0x22a2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fe56c14211 8 bytes {JMP QWORD [RIP-0x2b32]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 0000000077c315f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 0000000077c317d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 0000000077c318c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077c318e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077c31903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000077c3195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fe56c1107d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fe56c11118 8 bytes [A0, 6B, CA, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 37 000007fe56c11155 7 bytes [6B, CA, FE, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fe56c112e2 8 bytes [80, 6B, CA, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fe56c113b7 8 bytes [70, 6B, CA, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168 000007fe56c11538 8 bytes [60, 6B, CA, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405 000007fe56c116e5 8 bytes [50, 6B, CA, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 421 000007fe56c116f5 8 bytes [40, 6B, CA, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354 000007fe56c11942 8 bytes [30, 6B, CA, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fe56c12c70 8 bytes {JMP QWORD [RIP-0x18bf]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fe56c12df0 8 bytes {JMP QWORD [RIP-0x18be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fe56c12e20 8 bytes {JMP QWORD [RIP-0x1d0e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fe56c12f40 8 bytes {JMP QWORD [RIP-0x1c64]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fe56c12ff0 8 bytes {JMP QWORD [RIP-0x1ea2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fe56c136b1 8 bytes {JMP QWORD [RIP-0x1d75]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fe56c13991 8 bytes {JMP QWORD [RIP-0x22a2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fe56c14211 8 bytes {JMP QWORD [RIP-0x2b32]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 0000000077c315f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 0000000077c317d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 0000000077c318c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077c318e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077c31903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2352] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000077c3195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fe56c1107d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fe56c11118 8 bytes [A0, 6B, A0, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 37 000007fe56c11155 7 bytes [6B, A0, FE, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fe56c112e2 8 bytes [80, 6B, A0, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fe56c113b7 8 bytes [70, 6B, A0, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168 000007fe56c11538 8 bytes [60, 6B, A0, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405 000007fe56c116e5 8 bytes [50, 6B, A0, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 421 000007fe56c116f5 8 bytes [40, 6B, A0, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354 000007fe56c11942 8 bytes [30, 6B, A0, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fe56c12c70 8 bytes {JMP QWORD [RIP-0x18bf]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fe56c12df0 8 bytes {JMP QWORD [RIP-0x18be]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fe56c12e20 8 bytes {JMP QWORD [RIP-0x1d0e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fe56c12f40 8 bytes {JMP QWORD [RIP-0x1c64]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fe56c12ff0 8 bytes {JMP QWORD [RIP-0x1ea2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fe56c136b1 8 bytes {JMP QWORD [RIP-0x1d75]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fe56c13991 8 bytes {JMP QWORD [RIP-0x22a2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fe56c14211 8 bytes {JMP QWORD [RIP-0x2b32]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 0000000077c315f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 0000000077c317d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 0000000077c318c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077c318e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077c31903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000077c3195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fe56c1107d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fe56c11118 8 bytes [A0, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 37 000007fe56c11155 7 bytes [6B, F8, 7F, 00, 00, 00, 00] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fe56c112e2 8 bytes [80, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fe56c113b7 8 bytes [70, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168 000007fe56c11538 8 bytes [60, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405 000007fe56c116e5 8 bytes [50, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 421 000007fe56c116f5 8 bytes [40, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354 000007fe56c11942 8 bytes [30, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fe56c12c70 8 bytes {JMP QWORD [RIP-0x18bf]} .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fe56c12df0 8 bytes {JMP QWORD [RIP-0x18be]} .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fe56c12e20 8 bytes {JMP QWORD [RIP-0x1d0e]} .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fe56c12f40 8 bytes {JMP QWORD [RIP-0x1c64]} .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fe56c12ff0 8 bytes {JMP QWORD [RIP-0x1ea2]} .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fe56c136b1 8 bytes {JMP QWORD [RIP-0x1d75]} .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fe56c13991 8 bytes {JMP QWORD [RIP-0x22a2]} .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fe56c14211 8 bytes {JMP QWORD [RIP-0x2b32]} .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 0000000077c315f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 0000000077c317d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 0000000077c318c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077c318e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077c31903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\danya\Downloads\Logi\00o32h7t.exe[8036] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000077c3195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\WINDOWS\explorer.exe[2196] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcConnectPortEx] [5c7964f0] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\prremote.dll ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [780:808] fffff960008b35e8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -715758170 Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----