GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-01-26 13:20:17 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 HGST_HTS545050A7E680 rev.GR2OA320 465,76GB Running: z7iqttkv.exe; Driver: C:\Users\LENA_M~1\AppData\Local\Temp\agayrkog.sys ---- User code sections - GMER 2.2 ---- ? C:\WINDOWS\SYSTEM32\iertutil.dll [2916] entry point in ".rdata" section 00000000717a1590 .text C:\WINDOWS\Explorer.EXE[1876] C:\WINDOWS\System32\KERNEL32.DLL!MapViewOfFileEx + 10 00007ffe3875beba 9 bytes {JMP QWORD [RIP-0x7fffbec0]} ? C:\WINDOWS\SYSTEM32\iertutil.dll [6412] entry point in ".rdata" section 00000000717a1590 ? C:\WINDOWS\SYSTEM32\dbgcore.DLL [6412] entry point in ".rdata" section 0000000070cac940 .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, 74, 7E, 00, 00, 00, ...] .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, 74, 7E, 00, 00, 00, ...] .text ... * 2 .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, 74, 7E, 00, 00, 00, ...] .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6732] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, 4F, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, 4F, 7E, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, 4F, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6928] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\SYSTEM32\iertutil.dll [6928] entry point in ".rdata" section 00000000717a1590 ? C:\WINDOWS\system32\apphelp.dll [6928] entry point in ".rdata" section 0000000066e0f7c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, 3D, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, 3D, 7F, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, 3D, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3432] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\SYSTEM32\iertutil.dll [3432] entry point in ".rdata" section 00000000717a1590 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [3432] entry point in ".rdata" section 000000006bbfa020 ? C:\WINDOWS\system32\ncryptsslp.dll [3432] entry point in ".rdata" section 00000000671004f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, 9C, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, 9C, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, 9C, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [1600] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [1600] entry point in ".rdata" section 00000000717a1590 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [1600] entry point in ".rdata" section 000000006bbfa020 ? C:\WINDOWS\SYSTEM32\atlthunk.dll [1600] entry point in ".data" section 0000000066d74290 ? C:\WINDOWS\system32\mssprxy.dll [1600] entry point in ".rdata" section 000000006722a650 ? C:\Windows\System32\ActXPrxy.dll [1600] entry point in ".rdata" section 00000000636e9c50 ? C:\Windows\System32\OneCoreCommonProxyStub.dll [1600] entry point in ".rdata" section 000000006720da90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, D2, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, D2, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, D2, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8752] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [8752] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [8752] entry point in ".rdata" section 00000000717a1590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, F2, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, F2, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, F2, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8480] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [8480] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [8480] entry point in ".rdata" section 00000000717a1590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, 08, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, 08, FF, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, 08, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [6672] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [6672] entry point in ".rdata" section 00000000717a1590 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [6672] entry point in ".rdata" section 000000006bbfa020 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, 3E, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, 3E, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, 3E, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5880] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [5880] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [5880] entry point in ".rdata" section 00000000717a1590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, CA, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, CA, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, CA, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [7792] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [7792] entry point in ".rdata" section 00000000717a1590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, 35, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, 35, FF, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, 35, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1624] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [1624] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [1624] entry point in ".rdata" section 00000000717a1590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, 5C, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, 5C, FF, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, 5C, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7796] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [7796] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [7796] entry point in ".rdata" section 00000000717a1590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, 33, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, 33, FF, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, 33, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [7800] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [7800] entry point in ".rdata" section 00000000717a1590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, 0F, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, 0F, FF, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, 0F, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8204] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [8204] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [8204] entry point in ".rdata" section 00000000717a1590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, 47, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, 47, FF, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, 47, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9644] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [9644] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [9644] entry point in ".rdata" section 00000000717a1590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, 07, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, 07, FF, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, 07, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4616] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [4616] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [4616] entry point in ".rdata" section 00000000717a1590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, 97, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, 97, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, 97, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8576] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [8576] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [8576] entry point in ".rdata" section 00000000717a1590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, 34, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, 34, FF, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, 34, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7720] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [7720] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [7720] entry point in ".rdata" section 00000000717a1590 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, F1, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, F1, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, F1, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6292] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [6292] entry point in ".rdata" section 0000000066e0f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [6292] entry point in ".rdata" section 00000000717a1590 .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffe3909132f 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffe39091421 8 bytes [40, 6E, F8, 7F, 00, 00, 00, ...] .text ... * 2 .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffe390916b0 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffe39091894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffe3909230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffe39136260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffe39136560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffe391365c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe39136800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffe39136960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe39137770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffe39137d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe39138fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000050951462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 00000000509516b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 00000000509517eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 000000005095181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Lena_Mateusz\Desktop\z7iqttkv.exe[9768] C:\WINDOWS\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000050951857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\WINDOWS\system32\apphelp.dll [9768] entry point in ".rdata" section 0000000066e0f7c0 ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [856:908] fffff45676fa6c20 Thread C:\WINDOWS\system32\svchost.exe [1824:2280] 00007ffe2d395bd0 Thread C:\WINDOWS\system32\svchost.exe [1824:2292] 00007ffe2d399b20 Thread C:\WINDOWS\system32\svchost.exe [3708:3780] 00007ffe25c45bc0 Thread C:\WINDOWS\system32\svchost.exe [3708:3784] 00007ffe25c57d70 Thread C:\WINDOWS\system32\svchost.exe [3708:4404] 00007ffe1f9fb180 Thread C:\WINDOWS\system32\svchost.exe [3708:4428] 00007ffe1f9ff5f0 Thread C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [3960:3296] 00007ffe23de7944 Thread C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [3960:3300] 00007ffe23cabeb4 Thread C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [3960:4136] 00007ffe23cabeb4 Thread C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe [6732:7156] 000000006c39d246 Thread C:\Users\Lena_Mateusz\AppData\Local\Microsoft\OneDrive\OneDrive.exe [6732:7160] 000000006c39d246 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{098D27B8-41BE-4353-9EC5-C5699C7A631A} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{098D27B8-41BE-4353-9EC5-C5699C7A631A}\Connection Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{098D27B8-41BE-4353-9EC5-C5699C7A631A}\Connection@Name LAN-Verbindung* 5 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{098D27B8-41BE-4353-9EC5-C5699C7A631A}\Connection@PnPInstanceId SWD\IP_TUNNEL_VBUS\Teredo_Tunnel_Device Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1700603830 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 4035 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 2835447 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 2835130 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 2835130 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 2835382 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 178 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0xC7 0x27 0x46 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\d0534912cf32 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{E76C9ABE-FEF2-41B5-B06E-EE86C69ACD5F}@DefunctTimestamp 0xF9 0xC8 0x89 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Export \Device\LanmanServer_NetbiosSmb?\Device\LanmanServer_Tcpip_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\LanmanServer_Tcpip6_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\LanmanServer_Tcpip6_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\LanmanServer_Tcpip_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\LanmanServer_Tcpip6_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\LanmanServer_Tcpip_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\LanmanServer_NetBT_Tcpip_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\LanmanServer_NetBT_Tcpip6_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\LanmanServer_NetBT_Tcpip6_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\LanmanServer_NetBT_Tcpip_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\LanmanServer_NetBT_Tcpip6_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\LanmanServer_NetBT_Tcpip_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\LanmanServer_Tcpip6_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\LanmanServer_Tcpip_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\LanmanServer_Tcp Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Bind \Device\NetbiosSmb?\Device\Tcpip_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\Tcpip6_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\Tcpip6_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\Tcpip_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\Tcpip6_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\Tcpip_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\NetBT_Tcpip_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\NetBT_Tcpip6_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\NetBT_Tcpip6_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\NetBT_Tcpip_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\NetBT_Tcpip6_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\NetBT_Tcpip_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\Tcpip6_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\Tcpip_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\Tcpip6_{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\Tcpip_{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\NetBT_Tcpip6_{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\NetBT_Tcpip_{4FFD002D-6B5E-4DB3-963D-4401D00 Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Route "NetbiosSmb"?"Tcpip" "{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}"?"Tcpip6" "{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}"?"Tcpip6" "{162C3F96-22D1-4F29-AB59-E0597FDB98D2}"?"Tcpip" "{162C3F96-22D1-4F29-AB59-E0597FDB98D2}"?"Tcpip6" "{F6D8243B-7F71-4A36-906E-E6D7960E554B}"?"Tcpip" "{F6D8243B-7F71-4A36-906E-E6D7960E554B}"?"NetBT" "Tcpip" "{162C3F96-22D1-4F29-AB59-E0597FDB98D2}"?"NetBT" "Tcpip6" "{162C3F96-22D1-4F29-AB59-E0597FDB98D2}"?"NetBT" "Tcpip6" "{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}"?"NetBT" "Tcpip" "{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}"?"NetBT" "Tcpip6" "{F6D8243B-7F71-4A36-906E-E6D7960E554B}"?"NetBT" "Tcpip" "{F6D8243B-7F71-4A36-906E-E6D7960E554B}"?"Tcpip6" "{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}"?"Tcpip" "{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}"?"Tcpip6" "{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}"?"Tcpip" "{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}"?"NetBT" "Tcpip6" "{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}"?"NetBT" "Tcpip" "{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}"?"NetBT" "Tcpip" "{52A43287-DC69-4390-90FB-9EFC9E14E289} Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Export \Device\LanmanWorkstation_NetbiosSmb?\Device\LanmanWorkstation_Tcpip6_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\LanmanWorkstation_Tcpip_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\LanmanWorkstation_NetBT_Tcpip_{52A43287-DC69-4390-90FB-9EFC9E14E289}?\Device\LanmanWorkstation_Tcpip_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\LanmanWorkstation_NetBT_Tcpip_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\LanmanWorkstation_Tcpip6_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\LanmanWorkstation_NetBT_Tcpip6_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\LanmanWorkstation_Tcpip_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\LanmanWorkstation_NetBT_Tcpip_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\LanmanWorkstation_Tcpip6_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\LanmanWorkstation_NetBT_Tcpip6_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\LanmanWorkstation_NetBT_Tcpip6_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\LanmanWorkstation_NetBT_Tcpip_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\LanmanW Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Bind \Device\NetbiosSmb?\Device\Tcpip6_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\Tcpip_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\NetBT_Tcpip_{52A43287-DC69-4390-90FB-9EFC9E14E289}?\Device\Tcpip_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\NetBT_Tcpip_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\Tcpip6_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\NetBT_Tcpip6_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\Tcpip_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\NetBT_Tcpip_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\Tcpip6_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\NetBT_Tcpip6_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\NetBT_Tcpip6_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\NetBT_Tcpip_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\Tcpip_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\Tcpip6_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\Tcpip_{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\Tcpip6_{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\NetBT_Tcpip6_{4FFD002D-6B5E-4DB3-963D-4401D00 Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Route "NetbiosSmb"?"Tcpip6" "{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}"?"Tcpip" "{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}"?"NetBT" "Tcpip" "{52A43287-DC69-4390-90FB-9EFC9E14E289}"?"Tcpip" "{162C3F96-22D1-4F29-AB59-E0597FDB98D2}"?"NetBT" "Tcpip" "{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}"?"Tcpip6" "{162C3F96-22D1-4F29-AB59-E0597FDB98D2}"?"NetBT" "Tcpip6" "{162C3F96-22D1-4F29-AB59-E0597FDB98D2}"?"Tcpip" "{F6D8243B-7F71-4A36-906E-E6D7960E554B}"?"NetBT" "Tcpip" "{162C3F96-22D1-4F29-AB59-E0597FDB98D2}"?"Tcpip6" "{F6D8243B-7F71-4A36-906E-E6D7960E554B}"?"NetBT" "Tcpip6" "{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}"?"NetBT" "Tcpip6" "{F6D8243B-7F71-4A36-906E-E6D7960E554B}"?"NetBT" "Tcpip" "{F6D8243B-7F71-4A36-906E-E6D7960E554B}"?"Tcpip" "{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}"?"Tcpip6" "{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}"?"Tcpip" "{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}"?"Tcpip6" "{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}"?"NetBT" "Tcpip6" "{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}"?"NetBT" "Tcpip" "{4FFD002D-6B5E-4DB3-963D-4401D006AFA3} Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Export \Device\NetBIOS_NetBT_Tcpip6_{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}?\Device\NetBIOS_NetBT_Tcpip_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\NetBIOS_NetBT_Tcpip6_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\NetBIOS_NetBT_Tcpip_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\NetBIOS_NetBT_Tcpip6_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\NetBIOS_NetBT_Tcpip_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\NetBIOS_NetBT_Tcpip6_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\NetBIOS_NetBT_Tcpip6_{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\NetBIOS_NetBT_Tcpip_{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\NetBIOS_NetBT_Tcpip_{52A43287-DC69-4390-90FB-9EFC9E14E289}?\Device\NetBIOS_NetBT_Tcpip6_{52A43287-DC69-4390-90FB-9EFC9E14E289}?\Device\NetBIOS_NetBT_Tcpip_{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}?\Device\NetBIOS_NetBT_Tcpip6_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\NetBIOS_NetBT_Tcpip_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\NetBIOS_NetBT_Tcpip6_{E76C9ABE-FEF2-41B5-B06E-EE86C69ACD5F}?\Device\Ne Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Bind \Device\NetBT_Tcpip6_{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}?\Device\NetBT_Tcpip_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\NetBT_Tcpip6_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\NetBT_Tcpip_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\NetBT_Tcpip6_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\NetBT_Tcpip_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\NetBT_Tcpip6_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\NetBT_Tcpip6_{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\NetBT_Tcpip_{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\NetBT_Tcpip_{52A43287-DC69-4390-90FB-9EFC9E14E289}?\Device\NetBT_Tcpip6_{52A43287-DC69-4390-90FB-9EFC9E14E289}?\Device\NetBT_Tcpip_{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}?\Device\NetBT_Tcpip6_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\NetBT_Tcpip_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\NetBT_Tcpip6_{E76C9ABE-FEF2-41B5-B06E-EE86C69ACD5F}?\Device\NetBT_Tcpip6_{5A43977F-3727-42AD-A38C-DF5253122092}?\Device\NetBT_Tcpip6_{78FB2D39-1B14-4516-AA65-063B118080FA}?\Device\Ne Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Route "NetBT" "Tcpip6" "{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}"?"NetBT" "Tcpip" "{162C3F96-22D1-4F29-AB59-E0597FDB98D2}"?"NetBT" "Tcpip6" "{162C3F96-22D1-4F29-AB59-E0597FDB98D2}"?"NetBT" "Tcpip" "{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}"?"NetBT" "Tcpip6" "{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}"?"NetBT" "Tcpip" "{F6D8243B-7F71-4A36-906E-E6D7960E554B}"?"NetBT" "Tcpip6" "{F6D8243B-7F71-4A36-906E-E6D7960E554B}"?"NetBT" "Tcpip6" "{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}"?"NetBT" "Tcpip" "{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}"?"NetBT" "Tcpip" "{52A43287-DC69-4390-90FB-9EFC9E14E289}"?"NetBT" "Tcpip6" "{52A43287-DC69-4390-90FB-9EFC9E14E289}"?"NetBT" "Tcpip" "{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}"?"NetBT" "Tcpip6" "{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}"?"NetBT" "Tcpip" "{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}"?"NetBT" "Tcpip6" "{E76C9ABE-FEF2-41B5-B06E-EE86C69ACD5F}"?"NetBT" "Tcpip6" "{5A43977F-3727-42AD-A38C-DF5253122092}"?"NetBT" "Tcpip6" "{78FB2D39-1B14-4516-AA65-063B118080FA}"?"NetBT" "Tcpip" "{78FB2D39-1B14-4516-AA65-06 Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Export \Device\NetBT_Tcpip6_{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}?\Device\NetBT_Tcpip6_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\NetBT_Tcpip_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\NetBT_Tcpip_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\NetBT_Tcpip6_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\NetBT_Tcpip_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\NetBT_Tcpip6_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\NetBT_Tcpip6_{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\NetBT_Tcpip_{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\NetBT_Tcpip6_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\NetBT_Tcpip_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\NetBT_Tcpip_{52A43287-DC69-4390-90FB-9EFC9E14E289}?\Device\NetBT_Tcpip_{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}?\Device\NetBT_Tcpip6_{52A43287-DC69-4390-90FB-9EFC9E14E289}?\Device\NetBT_Tcpip6_{E76C9ABE-FEF2-41B5-B06E-EE86C69ACD5F}?\Device\NetBT_Tcpip6_{5A43977F-3727-42AD-A38C-DF5253122092}?\Device\NetBT_Tcpip_{78FB2D39-1B14-4516-AA65-063B118080FA}?\Device\Net Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Bind \Device\Tcpip6_{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}?\Device\Tcpip6_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\Tcpip_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\Tcpip_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\Tcpip6_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\Tcpip_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\Tcpip6_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\Tcpip6_{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\Tcpip_{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\Tcpip6_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\Tcpip_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\Tcpip_{52A43287-DC69-4390-90FB-9EFC9E14E289}?\Device\Tcpip_{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}?\Device\Tcpip6_{52A43287-DC69-4390-90FB-9EFC9E14E289}?\Device\Tcpip6_{E76C9ABE-FEF2-41B5-B06E-EE86C69ACD5F}?\Device\Tcpip6_{5A43977F-3727-42AD-A38C-DF5253122092}?\Device\Tcpip_{78FB2D39-1B14-4516-AA65-063B118080FA}?\Device\Tcpip6_{78FB2D39-1B14-4516-AA65-063B118080FA}?\Device\Tcpip6_{098D27B8-41BE-4353-9EC5-C5699C7A631A}? Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Route "Tcpip6" "{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}"?"Tcpip6" "{162C3F96-22D1-4F29-AB59-E0597FDB98D2}"?"Tcpip" "{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}"?"Tcpip" "{162C3F96-22D1-4F29-AB59-E0597FDB98D2}"?"Tcpip6" "{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}"?"Tcpip" "{F6D8243B-7F71-4A36-906E-E6D7960E554B}"?"Tcpip6" "{F6D8243B-7F71-4A36-906E-E6D7960E554B}"?"Tcpip6" "{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}"?"Tcpip" "{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}"?"Tcpip6" "{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}"?"Tcpip" "{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}"?"Tcpip" "{52A43287-DC69-4390-90FB-9EFC9E14E289}"?"Tcpip" "{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}"?"Tcpip6" "{52A43287-DC69-4390-90FB-9EFC9E14E289}"?"Tcpip6" "{E76C9ABE-FEF2-41B5-B06E-EE86C69ACD5F}"?"Tcpip6" "{5A43977F-3727-42AD-A38C-DF5253122092}"?"Tcpip" "{78FB2D39-1B14-4516-AA65-063B118080FA}"?"Tcpip6" "{78FB2D39-1B14-4516-AA65-063B118080FA}"?"Tcpip6" "{098D27B8-41BE-4353-9EC5-C5699C7A631A}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 10632 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 3359 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bcb40ed0-b329-4de9-aaa2-3fb4c5c46e2c}@LeaseObtainedTime 1485424942 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bcb40ed0-b329-4de9-aaa2-3fb4c5c46e2c}@T1 1485468142 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bcb40ed0-b329-4de9-aaa2-3fb4c5c46e2c}@T2 1485500542 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bcb40ed0-b329-4de9-aaa2-3fb4c5c46e2c}@LeaseTerminatesTime 1485511342 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Export \Device\Tcpip6_{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\Tcpip6_{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\Tcpip6_{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\Tcpip6_{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}?\Device\Tcpip6_{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\Tcpip6_{52A43287-DC69-4390-90FB-9EFC9E14E289}?\Device\Tcpip6_{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\Tcpip6_{E76C9ABE-FEF2-41B5-B06E-EE86C69ACD5F}?\Device\Tcpip6_{5A43977F-3727-42AD-A38C-DF5253122092}?\Device\Tcpip6_{78FB2D39-1B14-4516-AA65-063B118080FA}?\Device\Tcpip6_{098D27B8-41BE-4353-9EC5-C5699C7A631A}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Bind \Device\{F6D8243B-7F71-4A36-906E-E6D7960E554B}?\Device\{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\{162C3F96-22D1-4F29-AB59-E0597FDB98D2}?\Device\{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}?\Device\{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}?\Device\{52A43287-DC69-4390-90FB-9EFC9E14E289}?\Device\{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}?\Device\{E76C9ABE-FEF2-41B5-B06E-EE86C69ACD5F}?\Device\{5A43977F-3727-42AD-A38C-DF5253122092}?\Device\{78FB2D39-1B14-4516-AA65-063B118080FA}?\Device\{098D27B8-41BE-4353-9EC5-C5699C7A631A}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Route "{F6D8243B-7F71-4A36-906E-E6D7960E554B}"?"{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}"?"{162C3F96-22D1-4F29-AB59-E0597FDB98D2}"?"{DB7F0FF5-9F49-4FA2-A224-E6EF68CCB9E2}"?"{4FFD002D-6B5E-4DB3-963D-4401D006AFA3}"?"{52A43287-DC69-4390-90FB-9EFC9E14E289}"?"{BCB40ED0-B329-4DE9-AAA2-3FB4C5C46E2C}"?"{E76C9ABE-FEF2-41B5-B06E-EE86C69ACD5F}"?"{5A43977F-3727-42AD-A38C-DF5253122092}"?"{78FB2D39-1B14-4516-AA65-063B118080FA}"?"{098D27B8-41BE-4353-9EC5-C5699C7A631A}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6TUNNEL\Linkage@Export \Device\TCPIP6TUNNEL_{E76C9ABE-FEF2-41B5-B06E-EE86C69ACD5F}?\Device\TCPIP6TUNNEL_{5A43977F-3727-42AD-A38C-DF5253122092}?\Device\TCPIP6TUNNEL_{098D27B8-41BE-4353-9EC5-C5699C7A631A}? Reg HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6TUNNEL\Linkage@Bind \Device\{E76C9ABE-FEF2-41B5-B06E-EE86C69ACD5F}?\Device\{5A43977F-3727-42AD-A38C-DF5253122092}?\Device\{098D27B8-41BE-4353-9EC5-C5699C7A631A}? Reg HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6TUNNEL\Linkage@Route "{E76C9ABE-FEF2-41B5-B06E-EE86C69ACD5F}"?"{5A43977F-3727-42AD-A38C-DF5253122092}"?"{098D27B8-41BE-4353-9EC5-C5699C7A631A}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xE2 0xB0 0x25 0xDB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xE2 0x18 0xEA 0x3C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xE2 0x48 0x61 0x79 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 376 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds KasperskyLab.Kis.UI.Toasts?Chrome.UserData.Profile1? Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@KasperskyLab.Kis.UI.Toasts 0xEC 0xD4 0xB1 0xA8 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome.UserData.Profile1 0x44 0x3C 0xC5 0x98 ... ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----