GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-12-05 21:11:42 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HGST_HTS721010A9E630 rev.JB0OA3J0 931,51GB Running: 3v9zn1je.exe; Driver: C:\Users\Dejw\AppData\Local\Temp\aftciaow.sys ---- Kernel code sections - GMER 2.2 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000774711d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007747142f 8 bytes [50, 8E, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077471584 8 bytes [40, 8E, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007747190e 8 bytes [30, 8E, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077471c44 8 bytes [20, 8E, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077471dc5 8 bytes [10, 8E, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077471f4f 8 bytes [00, 8E, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 0000000077471fcc 8 bytes [F0, 8D, F3, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 0000000077472284 8 bytes [E0, 8D, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774bff80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774c0100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774c0130 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774c0250 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774c0300 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774c0930 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774c0b80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774c13e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000774711d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007747142f 8 bytes [50, 9E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077471584 8 bytes [40, 9E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007747190e 8 bytes [30, 9E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077471c44 8 bytes [20, 9E, F5, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077471dc5 8 bytes [10, 9E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077471f4f 8 bytes [00, 9E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 0000000077471fcc 8 bytes [F0, 9D, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 0000000077472284 8 bytes [E0, 9D, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774bff80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774c0100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774c0130 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774c0250 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774c0300 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774c0930 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774c0b80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774c13e0 8 bytes 
JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000774711d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007747142f 8 bytes [50, 6E, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077471584 8 bytes [40, 6E, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007747190e 8 bytes [30, 6E, EE, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077471c44 8 bytes [20, 6E, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077471dc5 8 bytes [10, 6E, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077471f4f 8 bytes [00, 6E, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 0000000077471fcc 8 bytes [F0, 6D, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 0000000077472284 8 bytes [E0, 6D, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774bff80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774c0100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774c0130 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774c0250 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774c0300 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774c0930 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 
00000000774c0b80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774c13e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000774711d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007747142f 8 bytes [50, DE, E8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077471584 8 bytes [40, DE, E8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007747190e 8 bytes {XOR DH, BL; CALL 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077471c44 8 bytes {AND DH, BL; CALL 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077471dc5 8 bytes {ADC DH, BL; CALL 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077471f4f 8 bytes {ADD DH, BL; CALL 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 0000000077471fcc 8 bytes [F0, DD, E8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 0000000077472284 8 bytes {LOOPNZ 0xffffffffffffffdf; CALL 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774bff80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774c0100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774c0130 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774c0250 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774c0300 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 
00000000774c0930 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774c0b80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774c13e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000774711d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007747142f 8 bytes [50, EE, EC, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077471584 8 bytes [40, EE, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007747190e 8 bytes [30, EE, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077471c44 8 bytes [20, EE, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077471dc5 8 bytes [10, EE, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077471f4f 8 bytes [00, EE, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 0000000077471fcc 8 bytes [F0, ED, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 0000000077472284 8 bytes [E0, ED, EC, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774bff80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774c0100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774c0130 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774c0250 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774c0300 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774c0930 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774c0b80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774c13e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000774711d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007747142f 8 bytes [50, 0E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077471584 8 bytes [40, 0E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007747190e 8 bytes [30, 0E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077471c44 8 bytes [20, 0E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077471dc5 8 bytes [10, 0E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077471f4f 8 bytes [00, 0E, F5, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 0000000077471fcc 8 bytes [F0, 0D, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 0000000077472284 8 bytes [E0, 0D, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774bff80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774c0100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774c0130 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774c0250 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774c0300 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774c0930 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774c0b80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774c13e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000774711d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007747142f 8 bytes [50, AE, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077471584 8 bytes [40, AE, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007747190e 8 bytes [30, AE, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077471c44 8 bytes [20, AE, ED, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077471dc5 8 bytes [10, AE, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077471f4f 8 bytes [00, AE, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 0000000077471fcc 8 bytes [F0, AD, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 0000000077472284 8 bytes [E0, AD, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774bff80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774c0100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774c0130 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774c0250 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774c0300 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774c0930 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774c0b80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774c13e0 8 bytes 
JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000774711d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007747142f 8 bytes [50, DE, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077471584 8 bytes [40, DE, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007747190e 8 bytes [30, DE, EE, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077471c44 8 bytes [20, DE, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077471dc5 8 bytes [10, DE, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077471f4f 8 bytes [00, DE, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 0000000077471fcc 8 bytes [F0, DD, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 0000000077472284 8 bytes [E0, DD, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774bff80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774c0100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774c0130 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774c0250 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774c0300 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774c0930 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 
00000000774c0b80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774c13e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000774711d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007747142f 8 bytes [50, 1E, F5, 7E, 00, 00, 00, ...] .text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077471584 8 bytes [40, 1E, F5, 7E, 00, 00, 00, ...] .text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007747190e 8 bytes [30, 1E, F5, 7E, 00, 00, 00, ...] 
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077471c44 8 bytes [20, 1E, F5, 7E, 00, 00, 00, ...]
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077471dc5 8 bytes [10, 1E, F5, 7E, 00, 00, 00, ...]
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077471f4f 8 bytes [00, 1E, F5, 7E, 00, 00, 00, ...]
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 0000000077471fcc 8 bytes [F0, 1D, F5, 7E, 00, 00, 00, ...]
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 0000000077472284 8 bytes [E0, 1D, F5, 7E, 00, 00, 00, ...]
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774bff80 8 bytes {JMP QWORD [RIP-0x4e342]}
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774c0100 8 bytes {JMP QWORD [RIP-0x4e341]}
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774c0130 8 bytes {JMP QWORD [RIP-0x4ed07]}
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774c0250 8 bytes {JMP QWORD [RIP-0x4e948]}
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774c0300 8 bytes {JMP QWORD [RIP-0x4ed82]}
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774c0930 8 bytes {JMP QWORD [RIP-0x4e6b2]}
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774c0b80 8 bytes {JMP QWORD [RIP-0x4ebba]}
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774c13e0 8 bytes {JMP QWORD [RIP-0x4f497]}
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Kernel IAT/EAT - GMER 2.2 ----

IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800163ce94] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800163cc38] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800163d614] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800163da10] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800163d86c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800356cad8] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Devices - GMER 2.2 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa8005b2c2c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa8005b2c2c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa8005b2c2c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa8005b2c2c0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 fffffa8005b2c2c0
Device \Driver\atapi \Device\Ide\IdePort3 fffffa8005b2c2c0
Device \FileSystem\Ntfs \Ntfs fffffa8005b302c0
Device \Driver\usbehci \Device\USBPDO-5 fffffa80073b52c0
Device \Driver\usbohci \Device\USBFDO-3 fffffa80073b32c0
Device \Driver\usbohci \Device\USBPDO-1 fffffa80073b32c0
Device \Driver\cdrom \Device\CdRom0 fffffa80068cf2c0
Device \Driver\usbohci \Device\USBPDO-6 fffffa80073b32c0
Device \Driver\usbohci \Device\USBFDO-4 fffffa80073b32c0
Device \Driver\usbohci \Device\USBFDO-0 fffffa80073b32c0
Device \Driver\usbehci \Device\USBPDO-2 fffffa80073b52c0
Device \Driver\usbehci \Device\USBFDO-5 fffffa80073b52c0
Device \Driver\usbohci \Device\USBPDO-3 fffffa80073b32c0
Device \Driver\usbohci \Device\USBFDO-1 fffffa80073b32c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80070e62c0
Device \Driver\usbohci \Device\USBFDO-6 fffffa80073b32c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{376D9599-3829-4BDF-9470-A123A719EDDD} fffffa80070e62c0
Device \Driver\atapi \Device\ScsiPort0 fffffa8005b2c2c0
Device \Driver\usbohci \Device\USBPDO-4 fffffa80073b32c0
Device \Driver\usbehci \Device\USBFDO-2 fffffa80073b52c0
Device \Driver\atapi \Device\ScsiPort1 fffffa8005b2c2c0
Device \Driver\usbohci \Device\USBPDO-0 fffffa80073b32c0
Device \Driver\atapi \Device\ScsiPort2 fffffa8005b2c2c0
Device \Driver\atapi \Device\ScsiPort3 fffffa8005b2c2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E865626F-900A-4A15-8334-948C94DCBA92} fffffa80070e62c0

---- Trace I/O - GMER 2.2 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8005b2c2c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa8005b2c2c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80061c52e0] fffffa80061c52e0
Trace 3 CLASSPNP.SYS[fffff880020fe43f] -> nt!IofCallDriver -> [0xfffffa80060da310] fffffa80060da310
Trace 5 ACPI.sys[fffff88001763781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80060dd060] fffffa80060dd060
Trace \Driver\atapi[0xfffffa8005b638e0] -> IRP_MJ_CREATE -> 0xfffffa8005b2c2c0 fffffa8005b2c2c0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2C 0x04 0x64 0x12 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x58 0x39 0x8E 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x59 0xEE 0x41 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x27 0xAB 0xB2 0x2A ...
---- Files - GMER 2.2 ----

File C:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_d1d5f78d6bdf46d5\winload.exe.mui (size mismatch) 28672/35904 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_d1d5f78d6bdf46d5\winresume.exe.mui (size mismatch) 23040/30272 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16397_none_b712dc81865e358e\winload.exe (size mismatch) 591360/604176 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16397_none_b712dc81865e358e\winresume.exe (size mismatch) 506368/518368 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-bootres_31bf3856ad364e35_6.1.7600.16385_none_9b11b2ca9ba1db4b\bootres.dll (size mismatch) 537600/2217552 bytes executable

---- EOF - GMER 2.2 ----
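The user-mode entries in this log are easier to triage when grouped by hook site across processes rather than read top to bottom. The same ntdll.dll and wow64cpu.dll sites are patched at identical addresses in chrome.exe and in 3v9zn1je.exe, which points at something applied to every process rather than a Chrome-specific implant. The recurring bytes `0D F0 AD BA` are the fill constant 0xBAADF00D read little-endian, not an instruction; `JMP 3f3f3f3f` targets 0x3f3f3f3f, which is the ASCII string `????` and not a usable code address, so it should be treated as unresolved; the `{JMP QWORD [RIP-...]}` forms in 3v9zn1je.exe are ordinary pointer-slot detours. The kernel IAT entries redirect atapi.sys port I/O imports into sptd.sys, whose configuration key in the Registry section names the Alcohol 120% install directory, and win32k's KeUserModeCallback import into klif.sys (Kaspersky's filter driver); both are third-party drivers to reconcile with the installed software list before calling them malicious. The script below is an added example written for this page, not GMER's code and not part of the scan: it parses the `.text`, `IAT` and `File` record types, using a subset of the entries copied from the log above as `SAMPLE_LOG`, and reports which hook sites appear in every scanned process. The record-kind names and patch labels are the example's own.

```python
"""Triage helper for GMER 2.2 log records (added example, not GMER's code)."""
import re
from collections import defaultdict

# Records copied from the log above (a subset); in the real file they are one per line.
SAMPLE_LOG = r"""
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077471c44 8 bytes [20, DE, EE, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774c0250 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077471c44 8 bytes [20, 1E, F5, 7E, 00, 00, 00, ...]
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774c0250 8 bytes {JMP QWORD [RIP-0x4e948]}
.text C:\Users\Dejw\Documents\3v9zn1je.exe[3604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800163cc38] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800356cad8] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]
File C:\Windows\winsxs\amd64_microsoft-windows-bootres_31bf3856ad364e35_6.1.7600.16385_none_9b11b2ca9ba1db4b\bootres.dll (size mismatch) 537600/2217552 bytes executable
"""

# .text <image>[<pid>] <module>!<symbol>[ + <offset>] <addr> <n> bytes <patch>
TEXT_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>\S+)!(?P<symbol>\S+?)"
    r"(?:\s\+\s(?P<offset>\d+))?\s+(?P<addr>[0-9a-f]{16})\s+(?P<size>\d+) bytes\s+(?P<patch>.+)$")
# IAT <image>[<module>!<symbol>] [<slot addr>] <hooking module> [<section>]
IAT_RE = re.compile(
    r"^IAT\s+(?P<image>.+?)\[(?P<module>[^!\]]+)!(?P<symbol>[^\]]+)\]\s+"
    r"\[(?P<addr>[0-9a-f]+)\]\s+(?P<target>\S+)\s+\[(?P<section>[^\]]+)\]$")
# File <path> (<reason>) <size>/<size> bytes [flags]; GMER prints two sizes, kept verbatim here
FILE_RE = re.compile(
    r"^File\s+(?P<path>.+?)\s+\((?P<reason>[^)]+)\)\s+(?P<size_a>\d+)/(?P<size_b>\d+) bytes(?P<flags>.*)$")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def parse_gmer(text):
    """Turn log lines into dicts keyed by record kind; unrecognised lines become kind='other'."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if (m := TEXT_RE.match(line)):
            rec = m.groupdict()
            rec.update(kind="text", pid=int(rec["pid"]), size=int(rec["size"]),
                       offset=int(rec["offset"] or 0), module_path=rec["module"],
                       module=basename(rec["module"]).lower())
        elif (m := IAT_RE.match(line)):
            rec = dict(m.groupdict(), kind="iat")
        elif (m := FILE_RE.match(line)):
            rec = dict(m.groupdict(), kind="file")
        else:
            rec = {"kind": "other", "raw": line}
        records.append(rec)
    return records


def classify_patch(patch):
    """Label the bytes GMER found at a hook site (labels are this example's own)."""
    m = re.fullmatch(r"\[([0-9A-F]{2}(?:, [0-9A-F]{2})*)(?:, \.\.\.)?\]", patch)
    if m:
        raw = bytes.fromhex(m.group(1).replace(", ", ""))
        # 0D F0 AD BA is 0xBAADF00D little-endian: a fill constant, not an instruction.
        return "marker-bytes" if raw[:4] == (0xBAADF00D).to_bytes(4, "little") else "inline-bytes"
    if re.fullmatch(r"\{?JMP QWORD \[RIP[+-]0x[0-9a-f]+\]\}?", patch):
        return "rip-relative-jmp"  # jump through a pointer slot: a normal detour trampoline
    m = re.fullmatch(r"\{?JMP (?:0x)?([0-9a-f]+)\}?", patch)
    if m:
        # 0x3f3f3f3f is the ASCII string "????": the target was not resolved, so do not chase it.
        return "jmp-unresolved-target" if int(m.group(1), 16) == 0x3F3F3F3F else "absolute-jmp"
    return "unknown"


def hook_coverage(records):
    """Group .text hooks by site; return (in every PID, in only some PIDs) -> {pid: patch label}."""
    hooks = [r for r in records if r["kind"] == "text"]
    pids = {r["pid"] for r in hooks}
    by_site = defaultdict(dict)
    for r in hooks:
        by_site[(r["module"], r["symbol"], r["offset"], r["addr"])][r["pid"]] = classify_patch(r["patch"])
    common = {s: p for s, p in by_site.items() if set(p) == pids}
    partial = {s: p for s, p in by_site.items() if set(p) != pids}
    return common, partial


def report(text):
    """One summary line per hook site, IAT redirection and flagged file."""
    records = parse_gmer(text)
    common, partial = hook_coverage(records)
    out = []
    for (mod, sym, off, addr), per_pid in sorted(common.items()):
        labels = ", ".join(f"{p}={k}" for p, k in sorted(per_pid.items()))
        out.append(f"ALL PIDS  {mod}!{sym}+{off} @ {addr}: {labels}")
    for (mod, sym, off, addr), per_pid in sorted(partial.items()):
        out.append(f"SOME PIDS {mod}!{sym}+{off} @ {addr}: pids {sorted(per_pid)}")
    for r in records:
        if r["kind"] == "iat":
            out.append(f"IAT       {basename(r['image'])} -> {r['module']}!{r['symbol']} now points into {basename(r['target'])}")
        elif r["kind"] == "file":
            out.append(f"FILE      {basename(r['path'])} ({r['reason']}) {r['size_a']}/{r['size_b']} bytes")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

To run it over the whole log, replace `SAMPLE_LOG` with the file contents, one entry per line as GMER writes them. Sites listed under ALL PIDS are candidates for system-wide injection by an installed product and should be matched against that product's driver and DLL list before being treated as an implant; SOME PIDS sites, being process-specific, are the ones to examine first.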