GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-07-02 22:02:03 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 PLEXTOR_PX-128M5S rev.1.05 119,24GB Running: p68m5jx1.exe; Driver: C:\Users\Flow\AppData\Local\Temp\afndrkoc.sys ---- User code sections - GMER 2.2 ---- ? C:\Windows\SYSTEM32\iertutil.dll [2456] entry point in ".rdata" section 000000006e473570 ? C:\Windows\SYSTEM32\NTASN1.dll [3792] entry point in ".rdata" section 0000000066d2a020 ? C:\Windows\SYSTEM32\iertutil.dll [3792] entry point in ".rdata" section 000000006e473570 ? C:\Windows\SYSTEM32\dbgcore.DLL [5444] entry point in ".rdata" section 0000000064aac940 ? C:\Windows\system32\apphelp.dll [2024] entry point in ".rdata" section 000000006409f7c0 ? C:\Windows\system32\wbem\wbemsvc.dll [2024] entry point in ".rdata" section 0000000066638fc0 ? C:\Windows\SYSTEM32\iertutil.dll [2024] entry point in ".rdata" section 000000006e473570 ? C:\Windows\SYSTEM32\NTASN1.dll [2024] entry point in ".rdata" section 0000000066d2a020 ? C:\Windows\system32\ncryptsslp.dll [2024] entry point in ".rdata" section 00000000617504f0 ? C:\Windows\system32\apphelp.dll [6836] entry point in ".rdata" section 000000006409f7c0 ? C:\Windows\SYSTEM32\iertutil.dll [6836] entry point in ".rdata" section 000000006e473570 ? C:\Windows\system32\wbem\wbemsvc.dll [6836] entry point in ".rdata" section 0000000066638fc0 ? C:\Windows\SYSTEM32\NTASN1.dll [6836] entry point in ".rdata" section 0000000066d2a020 ? C:\Windows\system32\ncryptsslp.dll [6836] entry point in ".rdata" section 00000000617504f0 ? C:\Windows\system32\apphelp.dll [4452] entry point in ".rdata" section 000000006409f7c0 ? C:\Windows\SYSTEM32\iertutil.dll [4452] entry point in ".rdata" section 000000006e473570 ? C:\Windows\system32\apphelp.dll [7012] entry point in ".rdata" section 000000006409f7c0 ? C:\Windows\SYSTEM32\iertutil.dll [7012] entry point in ".rdata" section 000000006e473570 .text J:\CCleaner\CCleaner64.exe[7116] C:\Windows\System32\win32u.dll!NtUserShowScrollBar 00007ffab9341830 5 bytes JMP 00007ffa39360018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5888] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffabcc565c0 16 bytes {MOV RAX, 0x7ffab1f065b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffabcc56260 16 bytes {MOV RAX, 0x7ff67f3b4050; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffabcc56540 16 bytes {MOV RAX, 0x7ff67f3b40d0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffabcc56580 16 bytes {MOV RAX, 0x7ff67f3b44c0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffabcc565a0 16 bytes {MOV RAX, 0x7ff67f3b42b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffabcc565c0 16 bytes {MOV RAX, 0x7ff67f3b3f30; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffabcc56600 16 bytes {MOV RAX, 0x7ff67f3b3fa0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffabcc566a0 16 bytes {MOV RAX, 0x7ff67f3b4140; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffabcc566c0 16 bytes {MOV RAX, 0x7ff67f3b4510; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffabcc56720 16 bytes {MOV RAX, 0x7ff67f3b4230; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffabcc56860 16 bytes {MOV RAX, 0x7ff67f3b4270; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffabcc56b60 16 bytes {MOV RAX, 0x7ff67f3b41b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffabcc583d0 16 bytes {MOV RAX, 0x7ff67f3b44f0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffabcc58490 16 bytes {MOV RAX, 0x7ff67f3b4490; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffabcc58730 16 bytes {MOV RAX, 0x7ff67f3b4290; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffabcc56260 16 bytes {MOV RAX, 0x7ff67f3b4050; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffabcc56540 16 bytes {MOV RAX, 0x7ff67f3b40d0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffabcc56580 16 bytes {MOV RAX, 0x7ff67f3b44c0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffabcc565a0 16 bytes {MOV RAX, 0x7ff67f3b42b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffabcc565c0 16 bytes {MOV RAX, 0x7ff67f3b3f30; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffabcc56600 16 bytes {MOV RAX, 0x7ff67f3b3fa0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffabcc566a0 16 bytes {MOV RAX, 0x7ff67f3b4140; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffabcc566c0 16 bytes {MOV RAX, 0x7ff67f3b4510; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffabcc56720 16 bytes {MOV RAX, 0x7ff67f3b4230; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffabcc56860 16 bytes {MOV RAX, 0x7ff67f3b4270; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffabcc56b60 16 bytes {MOV RAX, 0x7ff67f3b41b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffabcc583d0 16 bytes {MOV RAX, 0x7ff67f3b44f0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffabcc58490 16 bytes {MOV RAX, 0x7ff67f3b4490; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffabcc58730 16 bytes {MOV RAX, 0x7ff67f3b4290; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffabcc56260 16 bytes {MOV RAX, 0x7ff67f3b4050; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffabcc56540 16 bytes {MOV RAX, 0x7ff67f3b40d0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffabcc56580 16 bytes {MOV RAX, 0x7ff67f3b44c0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffabcc565a0 16 bytes {MOV RAX, 0x7ff67f3b42b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffabcc565c0 16 bytes {MOV RAX, 0x7ff67f3b3f30; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffabcc56600 16 bytes {MOV RAX, 0x7ff67f3b3fa0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffabcc566a0 16 bytes {MOV RAX, 0x7ff67f3b4140; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffabcc566c0 16 bytes {MOV RAX, 0x7ff67f3b4510; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffabcc56720 16 bytes {MOV RAX, 0x7ff67f3b4230; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffabcc56860 16 bytes {MOV RAX, 0x7ff67f3b4270; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffabcc56b60 16 bytes {MOV RAX, 0x7ff67f3b41b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffabcc583d0 16 bytes {MOV RAX, 0x7ff67f3b44f0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffabcc58490 16 bytes {MOV RAX, 0x7ff67f3b4490; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffabcc58730 16 bytes {MOV RAX, 0x7ff67f3b4290; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffabcc56260 16 bytes {MOV RAX, 0x7ff67f3b4050; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffabcc56540 16 bytes {MOV RAX, 0x7ff67f3b40d0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffabcc56580 16 bytes {MOV RAX, 0x7ff67f3b44c0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffabcc565a0 16 bytes {MOV RAX, 0x7ff67f3b42b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffabcc565c0 16 bytes {MOV RAX, 0x7ff67f3b3f30; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffabcc56600 16 bytes {MOV RAX, 0x7ff67f3b3fa0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffabcc566a0 16 bytes {MOV RAX, 0x7ff67f3b4140; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffabcc566c0 16 bytes {MOV RAX, 0x7ff67f3b4510; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffabcc56720 16 bytes {MOV RAX, 0x7ff67f3b4230; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffabcc56860 16 bytes {MOV RAX, 0x7ff67f3b4270; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffabcc56b60 16 bytes {MOV RAX, 0x7ff67f3b41b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffabcc583d0 16 bytes {MOV RAX, 0x7ff67f3b44f0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffabcc58490 16 bytes {MOV RAX, 0x7ff67f3b4490; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffabcc58730 16 bytes {MOV RAX, 0x7ff67f3b4290; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffabcc56260 16 bytes {MOV RAX, 0x7ff67f3b4050; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffabcc56540 16 bytes {MOV RAX, 0x7ff67f3b40d0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffabcc56580 16 bytes {MOV RAX, 0x7ff67f3b44c0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffabcc565a0 16 bytes {MOV RAX, 0x7ff67f3b42b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffabcc565c0 16 bytes {MOV RAX, 0x7ff67f3b3f30; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffabcc56600 16 bytes {MOV RAX, 0x7ff67f3b3fa0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffabcc566a0 16 bytes {MOV RAX, 0x7ff67f3b4140; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffabcc566c0 16 bytes {MOV RAX, 0x7ff67f3b4510; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffabcc56720 16 bytes {MOV RAX, 0x7ff67f3b4230; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffabcc56860 16 bytes {MOV RAX, 0x7ff67f3b4270; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffabcc56b60 16 bytes {MOV RAX, 0x7ff67f3b41b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffabcc583d0 16 bytes {MOV RAX, 0x7ff67f3b44f0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffabcc58490 16 bytes {MOV RAX, 0x7ff67f3b4490; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffabcc58730 16 bytes {MOV RAX, 0x7ff67f3b4290; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffabcc56260 16 bytes {MOV RAX, 0x7ff67f3b4050; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffabcc56540 16 bytes {MOV RAX, 0x7ff67f3b40d0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffabcc56580 16 bytes {MOV RAX, 0x7ff67f3b44c0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffabcc565a0 16 bytes {MOV RAX, 0x7ff67f3b42b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffabcc565c0 16 bytes {MOV RAX, 0x7ff67f3b3f30; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffabcc56600 16 bytes {MOV RAX, 0x7ff67f3b3fa0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffabcc566a0 16 bytes {MOV RAX, 0x7ff67f3b4140; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffabcc566c0 16 bytes {MOV RAX, 0x7ff67f3b4510; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffabcc56720 16 bytes {MOV RAX, 0x7ff67f3b4230; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffabcc56860 16 bytes {MOV RAX, 0x7ff67f3b4270; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffabcc56b60 16 bytes {MOV RAX, 0x7ff67f3b41b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffabcc583d0 16 bytes {MOV RAX, 0x7ff67f3b44f0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffabcc58490 16 bytes {MOV RAX, 0x7ff67f3b4490; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffabcc58730 16 bytes {MOV RAX, 0x7ff67f3b4290; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffabcc56260 16 bytes {MOV RAX, 0x7ff67f3b4050; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffabcc56540 16 bytes {MOV RAX, 0x7ff67f3b40d0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffabcc56580 16 bytes {MOV RAX, 0x7ff67f3b44c0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffabcc565a0 16 bytes {MOV RAX, 0x7ff67f3b42b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffabcc565c0 16 bytes {MOV RAX, 0x7ff67f3b3f30; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffabcc56600 16 bytes {MOV RAX, 0x7ff67f3b3fa0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffabcc566a0 16 bytes {MOV RAX, 0x7ff67f3b4140; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffabcc566c0 16 bytes {MOV RAX, 0x7ff67f3b4510; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffabcc56720 16 bytes {MOV RAX, 0x7ff67f3b4230; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffabcc56860 16 bytes {MOV RAX, 0x7ff67f3b4270; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffabcc56b60 16 bytes {MOV RAX, 0x7ff67f3b41b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffabcc583d0 16 bytes {MOV RAX, 0x7ff67f3b44f0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffabcc58490 16 bytes {MOV RAX, 0x7ff67f3b4490; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffabcc58730 16 bytes {MOV RAX, 0x7ff67f3b4290; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffabcc56260 16 bytes {MOV RAX, 0x7ff67f3b4050; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffabcc56540 16 bytes {MOV RAX, 0x7ff67f3b40d0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffabcc56580 16 bytes {MOV RAX, 0x7ff67f3b44c0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffabcc565a0 16 bytes {MOV RAX, 0x7ff67f3b42b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffabcc565c0 16 bytes {MOV RAX, 0x7ff67f3b3f30; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffabcc56600 16 bytes {MOV RAX, 0x7ff67f3b3fa0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffabcc566a0 16 bytes {MOV RAX, 0x7ff67f3b4140; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffabcc566c0 16 bytes {MOV RAX, 0x7ff67f3b4510; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffabcc56720 16 bytes {MOV RAX, 0x7ff67f3b4230; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffabcc56860 16 bytes {MOV RAX, 0x7ff67f3b4270; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffabcc56b60 16 bytes {MOV RAX, 0x7ff67f3b41b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffabcc583d0 16 bytes {MOV RAX, 0x7ff67f3b44f0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffabcc58490 16 bytes {MOV RAX, 0x7ff67f3b4490; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffabcc58730 16 bytes {MOV RAX, 0x7ff67f3b4290; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffabcc56260 16 bytes {MOV RAX, 0x7ff67f3b4050; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffabcc56540 16 bytes {MOV RAX, 0x7ff67f3b40d0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffabcc56580 16 bytes {MOV RAX, 0x7ff67f3b44c0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffabcc565a0 16 bytes {MOV RAX, 0x7ff67f3b42b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffabcc565c0 16 bytes {MOV RAX, 0x7ff67f3b3f30; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffabcc56600 16 bytes {MOV RAX, 0x7ff67f3b3fa0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffabcc566a0 16 bytes {MOV RAX, 0x7ff67f3b4140; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffabcc566c0 16 bytes {MOV RAX, 0x7ff67f3b4510; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffabcc56720 16 bytes {MOV RAX, 0x7ff67f3b4230; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffabcc56860 16 bytes {MOV RAX, 0x7ff67f3b4270; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffabcc56b60 16 bytes {MOV RAX, 0x7ff67f3b41b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffabcc583d0 16 bytes {MOV RAX, 0x7ff67f3b44f0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffabcc58490 16 bytes {MOV RAX, 0x7ff67f3b4490; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffabcc58730 16 bytes {MOV RAX, 0x7ff67f3b4290; JMP RAX} ? C:\Windows\system32\apphelp.dll [904] entry point in ".rdata" section 000000006409f7c0 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffabb41002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5016] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffa8f073428] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffabb41002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5028] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffa8f073428] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffabb41002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6400] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffa8f073428] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffabb41002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6320] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffa8f073428] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffabb41002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffa8f073428] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffabb41002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[320] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffa8f073428] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffabb41002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[944] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffa8f073428] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffabb41002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6700] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffa8f073428] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffabb41002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffabb41006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffaba67002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6880] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffa8f073428] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\chrome_child.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [600:724] ffffb31fa23a6c20 Thread C:\Windows\Explorer.EXE [2092:4580] 00007ffab61f20e0 Thread C:\Windows\Explorer.EXE [2092:5344] 00007ffa97f020e0 ---- Services - GMER 2.2 ---- Service C:\Windows\system32\drivers\hitmanpro37.sys (*** hidden *** ) [MANUAL] hitmanpro37 <-- ROOTKIT !!! ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1286363877 Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37 Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37@ImagePath \??\C:\Windows\system32\drivers\hitmanpro37.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37@DisplayName HitmanPro 3.7 Support Driver Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x09 0xE2 0x0F 0x8B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x09 0x4A 0xD4 0xEC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x09 0x7A 0x4B 0x29 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{29DD8E82-DD0E-4849-BEF3-BC67B35F49D9}@LastAccessedTime 0x70 0xCF 0x8D 0x70 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{29DD8E82-DD0E-4849-BEF3-BC67B35F49D9}@LaunchCount 4 ---- EOF - GMER 2.2 ----