GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-07 20:27:22 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000021 TOSHIBA_MQ01ABD100 rev.AX0A4M 931,51GB Running: uk8er7p6.exe; Driver: C:\Users\Kamila\AppData\Local\Temp\uwldqpog.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 8 bytes [A0, 6B, 9F, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 8 bytes [90, 6B, 9F, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 8 bytes [70, 6B, 9F, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 8 bytes [60, 6B, 9F, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 8 bytes [30, 6B, 9F, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[6092] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 8 bytes [A0, 6B, E4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 8 bytes [90, 6B, E4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 8 bytes [70, 6B, E4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 8 bytes [60, 6B, E4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 8 bytes [30, 6B, E4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3780] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 8 bytes [A0, 6B, 3D, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 8 bytes [90, 6B, 3D, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 8 bytes [70, 6B, 3D, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 8 bytes [60, 6B, 3D, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 8 bytes [30, 6B, 3D, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[2508] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 8 bytes [A0, 6B, AC, 7F, 00, 00, 00, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 8 bytes [90, 6B, AC, 7F, 00, 00, 00, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 8 bytes {JMP 0xffffffffffffffee} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 8 bytes [70, 6B, AC, 7F, 00, 00, 00, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 8 bytes [60, 6B, AC, 7F, 00, 00, 00, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 8 bytes {JMP 0xffffffffffffff9e} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 8 bytes [30, 6B, AC, 7F, 00, 00, 00, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[1884] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 8 bytes [A0, 6B, C2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 8 bytes [90, 6B, C2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 8 bytes [70, 6B, C2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 8 bytes [60, 6B, C2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 8 bytes [30, 6B, C2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4848] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 8 bytes [A0, 6B, 03, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 8 bytes [90, 6B, 03, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 8 bytes [70, 6B, 03, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 8 bytes [60, 6B, 03, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 8 bytes [30, 6B, 03, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 8 bytes [A0, 6B, 34, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 8 bytes [90, 6B, 34, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 8 bytes [70, 6B, 34, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 8 bytes [60, 6B, 34, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 8 bytes [30, 6B, 34, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1376] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 8 bytes [A0, 6B, 70, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 8 bytes [90, 6B, 70, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 8 bytes [70, 6B, 70, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 8 bytes [60, 6B, 70, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 8 bytes [30, 6B, 70, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4976] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 8 bytes [A0, 6B, 0D, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 8 bytes [90, 6B, 0D, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 8 bytes [70, 6B, 0D, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 8 bytes [60, 6B, 0D, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 8 bytes [30, 6B, 0D, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5052] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 2 bytes [A0, 6B] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 319 00007ffb20384f3f 5 bytes [FE, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 2 bytes [90, 6B] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 713 00007ffb20385219 5 bytes [FE, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 2 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 482 00007ffb20385412 5 bytes [FE, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 2 bytes [70, 6B] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 914 00007ffb203857b2 5 bytes [FE, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 2 bytes [60, 6B] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 423 00007ffb20385967 5 bytes [FE, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 2 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 660 00007ffb20385f04 5 bytes [FE, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 2 bytes [30, 6B] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 81 00007ffb20385f61 5 bytes [FE, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5768] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 8 bytes [A0, 6B, 7D, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 8 bytes [90, 6B, 7D, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 8 bytes [70, 6B, 7D, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 8 bytes [60, 6B, 7D, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 8 bytes [30, 6B, 7D, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5816] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 8 bytes [A0, 6B, 16, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 8 bytes [90, 6B, 16, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 8 bytes [70, 6B, 16, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 8 bytes [60, 6B, 16, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 8 bytes [30, 6B, 16, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5356] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 8 bytes [A0, 6B, F8, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 8 bytes [90, 6B, F8, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 8 bytes [70, 6B, F8, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 8 bytes [60, 6B, F8, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 8 bytes [30, 6B, F8, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5088] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 8 bytes [A0, 6B, FC, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 8 bytes [90, 6B, FC, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 8 bytes [70, 6B, FC, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 8 bytes [60, 6B, FC, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 8 bytes [30, 6B, FC, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5180] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb20384b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb20384f3c 8 bytes [A0, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb20385216 8 bytes [90, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb2038540f 8 bytes {JMP 0xffffffffffffffee} .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb203857af 8 bytes [70, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb20385964 8 bytes [60, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb20385f01 8 bytes {JMP 0xffffffffffffff9e} .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb20385f5e 8 bytes [30, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb204012a0 8 bytes {JMP QWORD [RIP-0x7baf7]} .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb20401420 8 bytes {JMP QWORD [RIP-0x7bac2]} .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb20401450 8 bytes {JMP QWORD [RIP-0x7c51a]} .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb20401570 8 bytes {JMP QWORD [RIP-0x7c167]} .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb20401620 8 bytes {JMP QWORD [RIP-0x7c410]} .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb20401ce0 8 bytes {JMP QWORD [RIP-0x7bd88]} .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb20401fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]} .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb20402860 8 bytes {JMP QWORD [RIP-0x7cbfe]} .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000077ba13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000077ba1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077ba1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077ba1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077ba16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kamila\Desktop\uk8er7p6.exe[5536] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077ba1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\system32\AUDIODG.EXE[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffb20520000] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\system32\AUDIODG.EXE[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\SYSTEM32\KERNEL32.DLL[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\SYSTEM32\KERNELBASE.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffb20520000] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\SYSTEM32\kernel.appcore.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\system32\CRYPTBASE.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\SYSTEM32\user32.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\system32\CRYPTSP.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\system32\bcrypt.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\System32\audioses.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffb20520000] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\System32\AVRT.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffb20520000] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\WINDOWS\System32\AVRT.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\Windows\system32\ole32.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\Windows\system32\SETUPAPI.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\Windows\system32\SHLWAPI.dll[ntdll.dll!NtClose] [7ffb20520010] IAT C:\WINDOWS\system32\AUDIODG.EXE[728] @ C:\Windows\system32\SHELL32.dll[ntdll.dll!NtClose] [7ffb20520010] ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [844:868] fffff960008942d0 Thread C:\Windows\System32\SettingSyncHost.exe [4888:5256] 00007ffb1a5c7090 Thread C:\Windows\System32\SettingSyncHost.exe [4888:5548] 00007ffb11d37470 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control@LastBootShutdown 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x31 0x11 0xAF 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x83 0x73 0xB1 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@en-US 84 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMN17360_32_07DB_EB^BC6E46495905B40B8AA01A0BE880AA7F@Timestamp 0xEE 0x19 0xEB 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 944 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{26290804-82CE-4A1B-A3C5-F018C3A73B70}\Connection@Name Reusable ISATAP Interface {26290804-82CE-4A1B-A3C5-F018C3A73B70} Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Users\Kamila\AppData\Local\Temp\nsk4400.tmp\nsis7z.dll??\??\C:\Users\Kamila\AppData\Local\Temp\nsk4400.tmp\UAC.dll??\??\C:\Users\Kamila\AppData\Local\Temp\nsk4400.tmp\??\??\C:\Users\Kamila\AppData\Local\Temp\~nsuA.tmp\Au_.exe??\??\C:\Users\Kamila\AppData\Local\Temp\~nsuA.tmp??\??\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat??\??\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat??\??\C:\WINDOWS\Temp\obu65CF.tmp??\??\C:\WINDOWS\Temp\obu67B5.tmp??\??\C:\WINDOWS\Temp\obu68FE.tmp??\??\C:\WINDOWS\Temp\obu69BA.tmp??\??\C:\WINDOWS\Temp\obu9C40.tmp??\??\C:\WINDOWS\Temp\obu9D89.tmp??\??\C:\WINDOWS\Temp\obu9E07.tmp??\??\C:\WINDOWS\Temp\obu9E66.tmp??\??\C:\WINDOWS\Temp\obuAF0E.tmp??\??\C:\WINDOWS\Temp\obuC629.tmp??\??\C:\Users\Kamila\AppData\Local\Temp\FXSAPIDebugLogFile.txt?? Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@AllowProtectedRenames 1 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900064 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1570968848 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 86 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 488221393 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 3866 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 3871 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID ab90c1d7-9bbc-4543-8fbe-5da426c Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger@FileCounter 6 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\acpiex\Parameters\Wdf@TimeOfLastSqmLog 0x87 0x45 0x67 0x4B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\AmdPPM\Parameters\Wdf@TimeOfLastSqmLog 0x57 0xE2 0xA2 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\amdpsp\Parameters\Wdf@TimeOfLastSqmLog 0x77 0xD2 0x05 0x4C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\645a04d47765 Reg HKLM\SYSTEM\CurrentControlSet\Services\cdrom\Parameters\Wdf@TimeOfLastSqmLog 0x5A 0xCD 0xCD 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastSqmLog 0x57 0xE2 0xA2 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{6fc1f086-9ed1-4283-b92c-36ece4b374b2}@LastProbeTime 1478249564 Reg HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastSqmLog 0xBA 0xE1 0xC1 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{26290804-82CE-4A1B-A3C5-F018C3A73B70}@InterfaceName Reusable ISATAP Interface {26290804-82CE-4A1B-A3C5-F018C3A73B70} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{26290804-82CE-4A1B-A3C5-F018C3A73B70}@ReusableType 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastSqmLog 0xAF 0x45 0xD0 0x08 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\msisadrv\Parameters\Wdf@TimeOfLastSqmLog 0xFA 0x34 0x32 0x4C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastSqmLog 0xF9 0x25 0xEB 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\Parameters\Wdf@TimeOfLastSqmLog 0x1A 0x9F 0x19 0x69 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?N?, ?lis ?06 ?16, 04:24:20???????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 13003 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 5944 Reg HKLM\SYSTEM\CurrentControlSet\Services\SmbDrv\Parameters\Wdf@TimeOfLastSqmLog 0x37 0xC7 0xE8 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 84 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 781 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters\Wdf@TimeOfLastSqmLog 0x37 0xC7 0xE8 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58C477A9-34B6-48D8-806A-E3D591897A00}@LeaseObtainedTime 1478540197 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58C477A9-34B6-48D8-806A-E3D591897A00}@T1 1478560054 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58C477A9-34B6-48D8-806A-E3D591897A00}@T2 1478576254 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58C477A9-34B6-48D8-806A-E3D591897A00}@LeaseTerminatesTime 1478583397 Reg HKLM\SYSTEM\CurrentControlSet\Services\Thotkey\Parameters\Wdf@TimeOfLastSqmLog 0x37 0xC7 0xE8 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UCX01000\Parameters\Wdf@TimeOfLastSqmLog 0x7D 0x2D 0xA3 0x53 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastSqmLog 0x57 0xE2 0xA2 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastSqmLog 0x4D 0x30 0x37 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastSqmLog 0x80 0x39 0xDF 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrvroot\Parameters\Wdf@TimeOfLastSqmLog 0xC9 0xFB 0xCE 0x4B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vwifibus\Parameters\Wdf@TimeOfLastSqmLog 0x7A 0x42 0xE3 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 96 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudSettingsDirtyMarks 2848 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudUsertileDirtyMarks 2848 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0x64 0x4D 0x44 0x06 ... ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----