GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-02-09 12:03:28 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\0000005b ST3120814A rev.2AAA Running: fwqs7w2n.exe; Driver: C:\DOCUME~1\arm\USTAWI~1\Temp\kfloqaod.sys ---- System - GMER 1.0.15 ---- SSDT sphj.sys ZwCreateKey [0xF73E90E0] <-- ROOTKIT !!! SSDT sphj.sys ZwEnumerateKey [0xF7401DA4] <-- ROOTKIT !!! SSDT sphj.sys ZwEnumerateValueKey [0xF7402132] <-- ROOTKIT !!! SSDT sphj.sys ZwOpenKey [0xF73E90C0] <-- ROOTKIT !!! SSDT sphj.sys ZwQueryKey [0xF740220A] <-- ROOTKIT !!! SSDT sphj.sys ZwQueryValueKey [0xF740208A] <-- ROOTKIT !!! SSDT sphj.sys ZwSetValueKey [0xF740229C] <-- ROOTKIT !!! INT 0x62 ? 8676DBF8 INT 0x73 ? 863AABF8 INT 0x82 ? 8676DBF8 INT 0x83 ? 863AABF8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel + 816 8053D36A 4 Bytes CALL 866CB2CD ? sphj.sys Nie można odnaleźć określonego pliku. ! ? C:\WINDOWS\system32\drivers\wojqnp.sys Urządzenie podłączone do komputera nie działa. .text USBPORT.SYS!DllUnload F67358AC 5 Bytes JMP 863AA1D8 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73EA042] sphj.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73EA13E] sphj.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73EA0C0] sphj.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73EA800] sphj.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73EA6D6] sphj.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 867527D8 Device \Driver\Tcpip \Device\Ip 864F2C10 Device \Driver\usbohci \Device\USBPDO-0 864E91F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8676E1F8 Device \Driver\dmio \Device\DmControl\DmConfig 8676E1F8 Device \Driver\dmio \Device\DmControl\DmPnP 8676E1F8 Device \Driver\dmio \Device\DmControl\DmInfo 8676E1F8 Device \Driver\usbehci \Device\USBPDO-1 863A61F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{88FB2A9C-D612-4D61-935C-A51EF091A2A7} 858B91F8 Device \Driver\Tcpip \Device\Tcp 864F2C10 Device \Driver\Ftdisk \Device\HarddiskVolume1 867DC1F8 Device \Driver\usbstor \Device\00000064 8650A360 Device \Driver\Ftdisk \Device\HarddiskVolume2 867DC1F8 Device \Driver\Cdrom \Device\CdRom0 8639D500 Device \Driver\NetBT \Device\NetBt_Wins_Export 858B91F8 Device \Driver\NetBT \Device\NetbiosSmb 858B91F8 Device \Driver\nvata \Device\0000005b 8676D1F8 Device \Driver\nvata \Device\0000005c 8676D1F8 Device \Driver\Tcpip \Device\Udp 864F2C10 Device \Driver\Tcpip \Device\RawIp 864F2C10 Device \Driver\usbohci \Device\USBFDO-0 864E91F8 Device \Driver\usbehci \Device\USBFDO-1 863A61F8 Device \Driver\nvata \Device\NvAta0 8676D1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8576D1F8 Device \Driver\Tcpip \Device\IPMULTICAST 864F2C10 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8576D1F8 Device \Driver\Ftdisk \Device\FtControl 867DC1F8 Device \FileSystem\Cdfs \Cdfs 863CF500 ---- Threads - GMER 1.0.15 ---- Thread System [4:120] 866C986B Thread System [4:124] 866C99A9 Thread System [4:700] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.700] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.700] ZwDeleteValueKey SSDT 866CBE85 System [4.700] ZwEnumerateKey SSDT 866CBF9E System [4.700] ZwEnumerateValueKey SSDT 866CBDBB System [4.700] ZwOpenKey SSDT 866CBAF5 System [4.700] ZwOpenProcess SSDT 866CBB7D System [4.700] ZwOpenThread SSDT 866CC432 System [4.700] ZwProtectVirtualMemory SSDT 866CC609 System [4.700] ZwQueryDirectoryFile SSDT sphj.sys System [4.700] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.700] ZwQuerySystemInformation SSDT sphj.sys System [4.700] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.700] ZwReadVirtualMemory SSDT 866CBD48 System [4.700] ZwSetContextThread SSDT 866CC0DB System [4.700] ZwSetValueKey SSDT 866C9D8D System [4.700] ZwShutdownSystem SSDT 866CBCD5 System [4.700] ZwSuspendThread SSDT 866CBC62 System [4.700] ZwTerminateThread SSDT 866CC3BC System [4.700] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:976] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.976] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.976] ZwDeleteValueKey SSDT 866CBE85 System [4.976] ZwEnumerateKey SSDT 866CBF9E System [4.976] ZwEnumerateValueKey SSDT 866CBDBB System [4.976] ZwOpenKey SSDT 866CBAF5 System [4.976] ZwOpenProcess SSDT 866CBB7D System [4.976] ZwOpenThread SSDT 866CC432 System [4.976] ZwProtectVirtualMemory SSDT 866CC609 System [4.976] ZwQueryDirectoryFile SSDT sphj.sys System [4.976] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.976] ZwQuerySystemInformation SSDT sphj.sys System [4.976] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.976] ZwReadVirtualMemory SSDT 866CBD48 System [4.976] ZwSetContextThread SSDT 866CC0DB System [4.976] ZwSetValueKey SSDT 866C9D8D System [4.976] ZwShutdownSystem SSDT 866CBCD5 System [4.976] ZwSuspendThread SSDT 866CBC62 System [4.976] ZwTerminateThread SSDT 866CC3BC System [4.976] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:1548] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.1548] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.1548] ZwDeleteValueKey SSDT 866CBE85 System [4.1548] ZwEnumerateKey SSDT 866CBF9E System [4.1548] ZwEnumerateValueKey SSDT 866CBDBB System [4.1548] ZwOpenKey SSDT 866CBAF5 System [4.1548] ZwOpenProcess SSDT 866CBB7D System [4.1548] ZwOpenThread SSDT 866CC432 System [4.1548] ZwProtectVirtualMemory SSDT 866CC609 System [4.1548] ZwQueryDirectoryFile SSDT sphj.sys System [4.1548] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.1548] ZwQuerySystemInformation SSDT sphj.sys System [4.1548] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.1548] ZwReadVirtualMemory SSDT 866CBD48 System [4.1548] ZwSetContextThread SSDT 866CC0DB System [4.1548] ZwSetValueKey SSDT 866C9D8D System [4.1548] ZwShutdownSystem SSDT 866CBCD5 System [4.1548] ZwSuspendThread SSDT 866CBC62 System [4.1548] ZwTerminateThread SSDT 866CC3BC System [4.1548] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:1156] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.1156] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.1156] ZwDeleteValueKey SSDT 866CBE85 System [4.1156] ZwEnumerateKey SSDT 866CBF9E System [4.1156] ZwEnumerateValueKey SSDT 866CBDBB System [4.1156] ZwOpenKey SSDT 866CBAF5 System [4.1156] ZwOpenProcess SSDT 866CBB7D System [4.1156] ZwOpenThread SSDT 866CC432 System [4.1156] ZwProtectVirtualMemory SSDT 866CC609 System [4.1156] ZwQueryDirectoryFile SSDT sphj.sys System [4.1156] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.1156] ZwQuerySystemInformation SSDT sphj.sys System [4.1156] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.1156] ZwReadVirtualMemory SSDT 866CBD48 System [4.1156] ZwSetContextThread SSDT 866CC0DB System [4.1156] ZwSetValueKey SSDT 866C9D8D System [4.1156] ZwShutdownSystem SSDT 866CBCD5 System [4.1156] ZwSuspendThread SSDT 866CBC62 System [4.1156] ZwTerminateThread SSDT 866CC3BC System [4.1156] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:1160] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.1160] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.1160] ZwDeleteValueKey SSDT 866CBE85 System [4.1160] ZwEnumerateKey SSDT 866CBF9E System [4.1160] ZwEnumerateValueKey SSDT 866CBDBB System [4.1160] ZwOpenKey SSDT 866CBAF5 System [4.1160] ZwOpenProcess SSDT 866CBB7D System [4.1160] ZwOpenThread SSDT 866CC432 System [4.1160] ZwProtectVirtualMemory SSDT 866CC609 System [4.1160] ZwQueryDirectoryFile SSDT sphj.sys System [4.1160] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.1160] ZwQuerySystemInformation SSDT sphj.sys System [4.1160] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.1160] ZwReadVirtualMemory SSDT 866CBD48 System [4.1160] ZwSetContextThread SSDT 866CC0DB System [4.1160] ZwSetValueKey SSDT 866C9D8D System [4.1160] ZwShutdownSystem SSDT 866CBCD5 System [4.1160] ZwSuspendThread SSDT 866CBC62 System [4.1160] ZwTerminateThread SSDT 866CC3BC System [4.1160] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:1164] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.1164] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.1164] ZwDeleteValueKey SSDT 866CBE85 System [4.1164] ZwEnumerateKey SSDT 866CBF9E System [4.1164] ZwEnumerateValueKey SSDT 866CBDBB System [4.1164] ZwOpenKey SSDT 866CBAF5 System [4.1164] ZwOpenProcess SSDT 866CBB7D System [4.1164] ZwOpenThread SSDT 866CC432 System [4.1164] ZwProtectVirtualMemory SSDT 866CC609 System [4.1164] ZwQueryDirectoryFile SSDT sphj.sys System [4.1164] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.1164] ZwQuerySystemInformation SSDT sphj.sys System [4.1164] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.1164] ZwReadVirtualMemory SSDT 866CBD48 System [4.1164] ZwSetContextThread SSDT 866CC0DB System [4.1164] ZwSetValueKey SSDT 866C9D8D System [4.1164] ZwShutdownSystem SSDT 866CBCD5 System [4.1164] ZwSuspendThread SSDT 866CBC62 System [4.1164] ZwTerminateThread SSDT 866CC3BC System [4.1164] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:1168] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.1168] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.1168] ZwDeleteValueKey SSDT 866CBE85 System [4.1168] ZwEnumerateKey SSDT 866CBF9E System [4.1168] ZwEnumerateValueKey SSDT 866CBDBB System [4.1168] ZwOpenKey SSDT 866CBAF5 System [4.1168] ZwOpenProcess SSDT 866CBB7D System [4.1168] ZwOpenThread SSDT 866CC432 System [4.1168] ZwProtectVirtualMemory SSDT 866CC609 System [4.1168] ZwQueryDirectoryFile SSDT sphj.sys System [4.1168] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.1168] ZwQuerySystemInformation SSDT sphj.sys System [4.1168] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.1168] ZwReadVirtualMemory SSDT 866CBD48 System [4.1168] ZwSetContextThread SSDT 866CC0DB System [4.1168] ZwSetValueKey SSDT 866C9D8D System [4.1168] ZwShutdownSystem SSDT 866CBCD5 System [4.1168] ZwSuspendThread SSDT 866CBC62 System [4.1168] ZwTerminateThread SSDT 866CC3BC System [4.1168] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:1272] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.1272] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.1272] ZwDeleteValueKey SSDT 866CBE85 System [4.1272] ZwEnumerateKey SSDT 866CBF9E System [4.1272] ZwEnumerateValueKey SSDT 866CBDBB System [4.1272] ZwOpenKey SSDT 866CBAF5 System [4.1272] ZwOpenProcess SSDT 866CBB7D System [4.1272] ZwOpenThread SSDT 866CC432 System [4.1272] ZwProtectVirtualMemory SSDT 866CC609 System [4.1272] ZwQueryDirectoryFile SSDT sphj.sys System [4.1272] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.1272] ZwQuerySystemInformation SSDT sphj.sys System [4.1272] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.1272] ZwReadVirtualMemory SSDT 866CBD48 System [4.1272] ZwSetContextThread SSDT 866CC0DB System [4.1272] ZwSetValueKey SSDT 866C9D8D System [4.1272] ZwShutdownSystem SSDT 866CBCD5 System [4.1272] ZwSuspendThread SSDT 866CBC62 System [4.1272] ZwTerminateThread SSDT 866CC3BC System [4.1272] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:1400] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.1400] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.1400] ZwDeleteValueKey SSDT 866CBE85 System [4.1400] ZwEnumerateKey SSDT 866CBF9E System [4.1400] ZwEnumerateValueKey SSDT 866CBDBB System [4.1400] ZwOpenKey SSDT 866CBAF5 System [4.1400] ZwOpenProcess SSDT 866CBB7D System [4.1400] ZwOpenThread SSDT 866CC432 System [4.1400] ZwProtectVirtualMemory SSDT 866CC609 System [4.1400] ZwQueryDirectoryFile SSDT sphj.sys System [4.1400] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.1400] ZwQuerySystemInformation SSDT sphj.sys System [4.1400] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.1400] ZwReadVirtualMemory SSDT 866CBD48 System [4.1400] ZwSetContextThread SSDT 866CC0DB System [4.1400] ZwSetValueKey SSDT 866C9D8D System [4.1400] ZwShutdownSystem SSDT 866CBCD5 System [4.1400] ZwSuspendThread SSDT 866CBC62 System [4.1400] ZwTerminateThread SSDT 866CC3BC System [4.1400] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:1504] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.1504] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.1504] ZwDeleteValueKey SSDT 866CBE85 System [4.1504] ZwEnumerateKey SSDT 866CBF9E System [4.1504] ZwEnumerateValueKey SSDT 866CBDBB System [4.1504] ZwOpenKey SSDT 866CBAF5 System [4.1504] ZwOpenProcess SSDT 866CBB7D System [4.1504] ZwOpenThread SSDT 866CC432 System [4.1504] ZwProtectVirtualMemory SSDT 866CC609 System [4.1504] ZwQueryDirectoryFile SSDT sphj.sys System [4.1504] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.1504] ZwQuerySystemInformation SSDT sphj.sys System [4.1504] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.1504] ZwReadVirtualMemory SSDT 866CBD48 System [4.1504] ZwSetContextThread SSDT 866CC0DB System [4.1504] ZwSetValueKey SSDT 866C9D8D System [4.1504] ZwShutdownSystem SSDT 866CBCD5 System [4.1504] ZwSuspendThread SSDT 866CBC62 System [4.1504] ZwTerminateThread SSDT 866CC3BC System [4.1504] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:2124] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.2124] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.2124] ZwDeleteValueKey SSDT 866CBE85 System [4.2124] ZwEnumerateKey SSDT 866CBF9E System [4.2124] ZwEnumerateValueKey SSDT 866CBDBB System [4.2124] ZwOpenKey SSDT 866CBAF5 System [4.2124] ZwOpenProcess SSDT 866CBB7D System [4.2124] ZwOpenThread SSDT 866CC432 System [4.2124] ZwProtectVirtualMemory SSDT 866CC609 System [4.2124] ZwQueryDirectoryFile SSDT sphj.sys System [4.2124] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.2124] ZwQuerySystemInformation SSDT sphj.sys System [4.2124] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.2124] ZwReadVirtualMemory SSDT 866CBD48 System [4.2124] ZwSetContextThread SSDT 866CC0DB System [4.2124] ZwSetValueKey SSDT 866C9D8D System [4.2124] ZwShutdownSystem SSDT 866CBCD5 System [4.2124] ZwSuspendThread SSDT 866CBC62 System [4.2124] ZwTerminateThread SSDT 866CC3BC System [4.2124] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:2128] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.2128] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.2128] ZwDeleteValueKey SSDT 866CBE85 System [4.2128] ZwEnumerateKey SSDT 866CBF9E System [4.2128] ZwEnumerateValueKey SSDT 866CBDBB System [4.2128] ZwOpenKey SSDT 866CBAF5 System [4.2128] ZwOpenProcess SSDT 866CBB7D System [4.2128] ZwOpenThread SSDT 866CC432 System [4.2128] ZwProtectVirtualMemory SSDT 866CC609 System [4.2128] ZwQueryDirectoryFile SSDT sphj.sys System [4.2128] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.2128] ZwQuerySystemInformation SSDT sphj.sys System [4.2128] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.2128] ZwReadVirtualMemory SSDT 866CBD48 System [4.2128] ZwSetContextThread SSDT 866CC0DB System [4.2128] ZwSetValueKey SSDT 866C9D8D System [4.2128] ZwShutdownSystem SSDT 866CBCD5 System [4.2128] ZwSuspendThread SSDT 866CBC62 System [4.2128] ZwTerminateThread SSDT 866CC3BC System [4.2128] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:2132] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.2132] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.2132] ZwDeleteValueKey SSDT 866CBE85 System [4.2132] ZwEnumerateKey SSDT 866CBF9E System [4.2132] ZwEnumerateValueKey SSDT 866CBDBB System [4.2132] ZwOpenKey SSDT 866CBAF5 System [4.2132] ZwOpenProcess SSDT 866CBB7D System [4.2132] ZwOpenThread SSDT 866CC432 System [4.2132] ZwProtectVirtualMemory SSDT 866CC609 System [4.2132] ZwQueryDirectoryFile SSDT sphj.sys System [4.2132] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.2132] ZwQuerySystemInformation SSDT sphj.sys System [4.2132] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.2132] ZwReadVirtualMemory SSDT 866CBD48 System [4.2132] ZwSetContextThread SSDT 866CC0DB System [4.2132] ZwSetValueKey SSDT 866C9D8D System [4.2132] ZwShutdownSystem SSDT 866CBCD5 System [4.2132] ZwSuspendThread SSDT 866CBC62 System [4.2132] ZwTerminateThread SSDT 866CC3BC System [4.2132] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:2136] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.2136] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.2136] ZwDeleteValueKey SSDT 866CBE85 System [4.2136] ZwEnumerateKey SSDT 866CBF9E System [4.2136] ZwEnumerateValueKey SSDT 866CBDBB System [4.2136] ZwOpenKey SSDT 866CBAF5 System [4.2136] ZwOpenProcess SSDT 866CBB7D System [4.2136] ZwOpenThread SSDT 866CC432 System [4.2136] ZwProtectVirtualMemory SSDT 866CC609 System [4.2136] ZwQueryDirectoryFile SSDT sphj.sys System [4.2136] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.2136] ZwQuerySystemInformation SSDT sphj.sys System [4.2136] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.2136] ZwReadVirtualMemory SSDT 866CBD48 System [4.2136] ZwSetContextThread SSDT 866CC0DB System [4.2136] ZwSetValueKey SSDT 866C9D8D System [4.2136] ZwShutdownSystem SSDT 866CBCD5 System [4.2136] ZwSuspendThread SSDT 866CBC62 System [4.2136] ZwTerminateThread SSDT 866CC3BC System [4.2136] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:2140] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.2140] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.2140] ZwDeleteValueKey SSDT 866CBE85 System [4.2140] ZwEnumerateKey SSDT 866CBF9E System [4.2140] ZwEnumerateValueKey SSDT 866CBDBB System [4.2140] ZwOpenKey SSDT 866CBAF5 System [4.2140] ZwOpenProcess SSDT 866CBB7D System [4.2140] ZwOpenThread SSDT 866CC432 System [4.2140] ZwProtectVirtualMemory SSDT 866CC609 System [4.2140] ZwQueryDirectoryFile SSDT sphj.sys System [4.2140] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.2140] ZwQuerySystemInformation SSDT sphj.sys System [4.2140] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.2140] ZwReadVirtualMemory SSDT 866CBD48 System [4.2140] ZwSetContextThread SSDT 866CC0DB System [4.2140] ZwSetValueKey SSDT 866C9D8D System [4.2140] ZwShutdownSystem SSDT 866CBCD5 System [4.2140] ZwSuspendThread SSDT 866CBC62 System [4.2140] ZwTerminateThread SSDT 866CC3BC System [4.2140] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread System [4:6356] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys System [4.6356] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED System [4.6356] ZwDeleteValueKey SSDT 866CBE85 System [4.6356] ZwEnumerateKey SSDT 866CBF9E System [4.6356] ZwEnumerateValueKey SSDT 866CBDBB System [4.6356] ZwOpenKey SSDT 866CBAF5 System [4.6356] ZwOpenProcess SSDT 866CBB7D System [4.6356] ZwOpenThread SSDT 866CC432 System [4.6356] ZwProtectVirtualMemory SSDT 866CC609 System [4.6356] ZwQueryDirectoryFile SSDT sphj.sys System [4.6356] ZwQueryKey [0xF740220A] SSDT 866CB9A2 System [4.6356] ZwQuerySystemInformation SSDT sphj.sys System [4.6356] ZwQueryValueKey [0xF740208A] SSDT 866CC346 System [4.6356] ZwReadVirtualMemory SSDT 866CBD48 System [4.6356] ZwSetContextThread SSDT 866CC0DB System [4.6356] ZwSetValueKey SSDT 866C9D8D System [4.6356] ZwShutdownSystem SSDT 866CBCD5 System [4.6356] ZwSuspendThread SSDT 866CBC62 System [4.6356] ZwTerminateThread SSDT 866CC3BC System [4.6356] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread ctfmon.exe [280:260] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys ctfmon.exe [280.260] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED ctfmon.exe [280.260] ZwDeleteValueKey SSDT 866CBE85 ctfmon.exe [280.260] ZwEnumerateKey SSDT 866CBF9E ctfmon.exe [280.260] ZwEnumerateValueKey SSDT 866CBDBB ctfmon.exe [280.260] ZwOpenKey SSDT 866CBAF5 ctfmon.exe [280.260] ZwOpenProcess SSDT 866CBB7D ctfmon.exe [280.260] ZwOpenThread SSDT 866CC432 ctfmon.exe [280.260] ZwProtectVirtualMemory SSDT 866CC609 ctfmon.exe [280.260] ZwQueryDirectoryFile SSDT sphj.sys ctfmon.exe [280.260] ZwQueryKey [0xF740220A] SSDT 866CB9A2 ctfmon.exe [280.260] ZwQuerySystemInformation SSDT sphj.sys ctfmon.exe [280.260] ZwQueryValueKey [0xF740208A] SSDT 866CC346 ctfmon.exe [280.260] ZwReadVirtualMemory SSDT 866CBD48 ctfmon.exe [280.260] ZwSetContextThread SSDT 866CC0DB ctfmon.exe [280.260] ZwSetValueKey SSDT 866C9D8D ctfmon.exe [280.260] ZwShutdownSystem SSDT 866CBCD5 ctfmon.exe [280.260] ZwSuspendThread SSDT 866CBC62 ctfmon.exe [280.260] ZwTerminateThread SSDT 866CC3BC ctfmon.exe [280.260] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:296] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.296] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.296] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.296] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.296] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.296] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.296] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.296] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.296] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.296] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.296] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.296] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.296] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.296] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.296] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.296] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.296] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.296] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.296] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.296] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:432] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.432] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.432] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.432] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.432] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.432] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.432] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.432] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.432] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.432] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.432] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.432] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.432] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.432] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.432] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.432] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.432] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.432] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.432] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.432] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:436] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.436] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.436] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.436] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.436] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.436] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.436] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.436] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.436] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.436] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.436] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.436] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.436] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.436] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.436] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.436] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.436] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.436] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.436] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.436] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:440] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.440] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.440] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.440] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.440] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.440] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.440] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.440] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.440] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.440] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.440] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.440] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.440] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.440] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.440] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.440] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.440] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.440] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.440] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.440] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:444] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.444] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.444] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.444] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.444] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.444] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.444] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.444] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.444] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.444] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.444] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.444] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.444] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.444] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.444] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.444] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.444] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.444] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.444] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.444] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:476] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.476] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.476] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.476] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.476] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.476] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.476] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.476] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.476] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.476] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.476] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.476] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.476] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.476] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.476] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.476] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.476] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.476] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.476] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.476] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:480] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.480] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.480] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.480] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.480] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.480] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.480] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.480] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.480] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.480] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.480] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.480] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.480] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.480] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.480] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.480] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.480] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.480] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.480] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.480] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:2420] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.2420] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.2420] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.2420] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.2420] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.2420] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.2420] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.2420] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.2420] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.2420] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.2420] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.2420] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.2420] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.2420] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.2420] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.2420] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.2420] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.2420] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.2420] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.2420] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:2920] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.2920] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.2920] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.2920] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.2920] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.2920] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.2920] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.2920] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.2920] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.2920] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.2920] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.2920] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.2920] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.2920] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.2920] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.2920] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.2920] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.2920] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.2920] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.2920] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:7704] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.7704] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.7704] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.7704] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.7704] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.7704] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.7704] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.7704] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.7704] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.7704] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.7704] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.7704] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.7704] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.7704] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.7704] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.7704] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.7704] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.7704] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.7704] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.7704] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:2784] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.2784] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.2784] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.2784] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.2784] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.2784] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.2784] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.2784] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.2784] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.2784] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.2784] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.2784] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.2784] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.2784] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.2784] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.2784] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.2784] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.2784] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.2784] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.2784] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:5848] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.5848] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.5848] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.5848] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.5848] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.5848] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.5848] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.5848] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.5848] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.5848] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.5848] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.5848] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.5848] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.5848] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.5848] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.5848] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.5848] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.5848] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.5848] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.5848] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:1732] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.1732] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.1732] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.1732] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.1732] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.1732] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.1732] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.1732] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.1732] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.1732] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.1732] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.1732] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.1732] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.1732] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.1732] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.1732] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.1732] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.1732] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.1732] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.1732] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:1860] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.1860] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.1860] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.1860] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.1860] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.1860] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.1860] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.1860] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.1860] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.1860] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.1860] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.1860] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.1860] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.1860] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.1860] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.1860] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.1860] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.1860] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.1860] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.1860] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread nvsvc32.exe [292:2860] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys nvsvc32.exe [292.2860] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED nvsvc32.exe [292.2860] ZwDeleteValueKey SSDT 866CBE85 nvsvc32.exe [292.2860] ZwEnumerateKey SSDT 866CBF9E nvsvc32.exe [292.2860] ZwEnumerateValueKey SSDT 866CBDBB nvsvc32.exe [292.2860] ZwOpenKey SSDT 866CBAF5 nvsvc32.exe [292.2860] ZwOpenProcess SSDT 866CBB7D nvsvc32.exe [292.2860] ZwOpenThread SSDT 866CC432 nvsvc32.exe [292.2860] ZwProtectVirtualMemory SSDT 866CC609 nvsvc32.exe [292.2860] ZwQueryDirectoryFile SSDT sphj.sys nvsvc32.exe [292.2860] ZwQueryKey [0xF740220A] SSDT 866CB9A2 nvsvc32.exe [292.2860] ZwQuerySystemInformation SSDT sphj.sys nvsvc32.exe [292.2860] ZwQueryValueKey [0xF740208A] SSDT 866CC346 nvsvc32.exe [292.2860] ZwReadVirtualMemory SSDT 866CBD48 nvsvc32.exe [292.2860] ZwSetContextThread SSDT 866CC0DB nvsvc32.exe [292.2860] ZwSetValueKey SSDT 866C9D8D nvsvc32.exe [292.2860] ZwShutdownSystem SSDT 866CBCD5 nvsvc32.exe [292.2860] ZwSuspendThread SSDT 866CBC62 nvsvc32.exe [292.2860] ZwTerminateThread SSDT 866CC3BC nvsvc32.exe [292.2860] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread livubu.exe [512:524] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys livubu.exe [512.524] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED livubu.exe [512.524] ZwDeleteValueKey SSDT 866CBE85 livubu.exe [512.524] ZwEnumerateKey SSDT 866CBF9E livubu.exe [512.524] ZwEnumerateValueKey SSDT 866CBDBB livubu.exe [512.524] ZwOpenKey SSDT 866CBAF5 livubu.exe [512.524] ZwOpenProcess SSDT 866CBB7D livubu.exe [512.524] ZwOpenThread SSDT 866CC432 livubu.exe [512.524] ZwProtectVirtualMemory SSDT 866CC609 livubu.exe [512.524] ZwQueryDirectoryFile SSDT sphj.sys livubu.exe [512.524] ZwQueryKey [0xF740220A] SSDT 866CB9A2 livubu.exe [512.524] ZwQuerySystemInformation SSDT sphj.sys livubu.exe [512.524] ZwQueryValueKey [0xF740208A] SSDT 866CC346 livubu.exe [512.524] ZwReadVirtualMemory SSDT 866CBD48 livubu.exe [512.524] ZwSetContextThread SSDT 866CC0DB livubu.exe [512.524] ZwSetValueKey SSDT 866C9D8D livubu.exe [512.524] ZwShutdownSystem SSDT 866CBCD5 livubu.exe [512.524] ZwSuspendThread SSDT 866CBC62 livubu.exe [512.524] ZwTerminateThread SSDT 866CC3BC livubu.exe [512.524] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread livubu.exe [512:2704] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys livubu.exe [512.2704] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED livubu.exe [512.2704] ZwDeleteValueKey SSDT 866CBE85 livubu.exe [512.2704] ZwEnumerateKey SSDT 866CBF9E livubu.exe [512.2704] ZwEnumerateValueKey SSDT 866CBDBB livubu.exe [512.2704] ZwOpenKey SSDT 866CBAF5 livubu.exe [512.2704] ZwOpenProcess SSDT 866CBB7D livubu.exe [512.2704] ZwOpenThread SSDT 866CC432 livubu.exe [512.2704] ZwProtectVirtualMemory SSDT 866CC609 livubu.exe [512.2704] ZwQueryDirectoryFile SSDT sphj.sys livubu.exe [512.2704] ZwQueryKey [0xF740220A] SSDT 866CB9A2 livubu.exe [512.2704] ZwQuerySystemInformation SSDT sphj.sys livubu.exe [512.2704] ZwQueryValueKey [0xF740208A] SSDT 866CC346 livubu.exe [512.2704] ZwReadVirtualMemory SSDT 866CBD48 livubu.exe [512.2704] ZwSetContextThread SSDT 866CC0DB livubu.exe [512.2704] ZwSetValueKey SSDT 866C9D8D livubu.exe [512.2704] ZwShutdownSystem SSDT 866CBCD5 livubu.exe [512.2704] ZwSuspendThread SSDT 866CBC62 livubu.exe [512.2704] ZwTerminateThread SSDT 866CC3BC livubu.exe [512.2704] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread livubu.exe [512:2708] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys livubu.exe [512.2708] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED livubu.exe [512.2708] ZwDeleteValueKey SSDT 866CBE85 livubu.exe [512.2708] ZwEnumerateKey SSDT 866CBF9E livubu.exe [512.2708] ZwEnumerateValueKey SSDT 866CBDBB livubu.exe [512.2708] ZwOpenKey SSDT 866CBAF5 livubu.exe [512.2708] ZwOpenProcess SSDT 866CBB7D livubu.exe [512.2708] ZwOpenThread SSDT 866CC432 livubu.exe [512.2708] ZwProtectVirtualMemory SSDT 866CC609 livubu.exe [512.2708] ZwQueryDirectoryFile SSDT sphj.sys livubu.exe [512.2708] ZwQueryKey [0xF740220A] SSDT 866CB9A2 livubu.exe [512.2708] ZwQuerySystemInformation SSDT sphj.sys livubu.exe [512.2708] ZwQueryValueKey [0xF740208A] SSDT 866CC346 livubu.exe [512.2708] ZwReadVirtualMemory SSDT 866CBD48 livubu.exe [512.2708] ZwSetContextThread SSDT 866CC0DB livubu.exe [512.2708] ZwSetValueKey SSDT 866C9D8D livubu.exe [512.2708] ZwShutdownSystem SSDT 866CBCD5 livubu.exe [512.2708] ZwSuspendThread SSDT 866CBC62 livubu.exe [512.2708] ZwTerminateThread SSDT 866CC3BC livubu.exe [512.2708] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread livubu.exe [512:2712] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys livubu.exe [512.2712] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED livubu.exe [512.2712] ZwDeleteValueKey SSDT 866CBE85 livubu.exe [512.2712] ZwEnumerateKey SSDT 866CBF9E livubu.exe [512.2712] ZwEnumerateValueKey SSDT 866CBDBB livubu.exe [512.2712] ZwOpenKey SSDT 866CBAF5 livubu.exe [512.2712] ZwOpenProcess SSDT 866CBB7D livubu.exe [512.2712] ZwOpenThread SSDT 866CC432 livubu.exe [512.2712] ZwProtectVirtualMemory SSDT 866CC609 livubu.exe [512.2712] ZwQueryDirectoryFile SSDT sphj.sys livubu.exe [512.2712] ZwQueryKey [0xF740220A] SSDT 866CB9A2 livubu.exe [512.2712] ZwQuerySystemInformation SSDT sphj.sys livubu.exe [512.2712] ZwQueryValueKey [0xF740208A] SSDT 866CC346 livubu.exe [512.2712] ZwReadVirtualMemory SSDT 866CBD48 livubu.exe [512.2712] ZwSetContextThread SSDT 866CC0DB livubu.exe [512.2712] ZwSetValueKey SSDT 866C9D8D livubu.exe [512.2712] ZwShutdownSystem SSDT 866CBCD5 livubu.exe [512.2712] ZwSuspendThread SSDT 866CBC62 livubu.exe [512.2712] ZwTerminateThread SSDT 866CC3BC livubu.exe [512.2712] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread livubu.exe [512:2716] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys livubu.exe [512.2716] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED livubu.exe [512.2716] ZwDeleteValueKey SSDT 866CBE85 livubu.exe [512.2716] ZwEnumerateKey SSDT 866CBF9E livubu.exe [512.2716] ZwEnumerateValueKey SSDT 866CBDBB livubu.exe [512.2716] ZwOpenKey SSDT 866CBAF5 livubu.exe [512.2716] ZwOpenProcess SSDT 866CBB7D livubu.exe [512.2716] ZwOpenThread SSDT 866CC432 livubu.exe [512.2716] ZwProtectVirtualMemory SSDT 866CC609 livubu.exe [512.2716] ZwQueryDirectoryFile SSDT sphj.sys livubu.exe [512.2716] ZwQueryKey [0xF740220A] SSDT 866CB9A2 livubu.exe [512.2716] ZwQuerySystemInformation SSDT sphj.sys livubu.exe [512.2716] ZwQueryValueKey [0xF740208A] SSDT 866CC346 livubu.exe [512.2716] ZwReadVirtualMemory SSDT 866CBD48 livubu.exe [512.2716] ZwSetContextThread SSDT 866CC0DB livubu.exe [512.2716] ZwSetValueKey SSDT 866C9D8D livubu.exe [512.2716] ZwShutdownSystem SSDT 866CBCD5 livubu.exe [512.2716] ZwSuspendThread SSDT 866CBC62 livubu.exe [512.2716] ZwTerminateThread SSDT 866CC3BC livubu.exe [512.2716] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread livubu.exe [512:2736] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys livubu.exe [512.2736] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED livubu.exe [512.2736] ZwDeleteValueKey SSDT 866CBE85 livubu.exe [512.2736] ZwEnumerateKey SSDT 866CBF9E livubu.exe [512.2736] ZwEnumerateValueKey SSDT 866CBDBB livubu.exe [512.2736] ZwOpenKey SSDT 866CBAF5 livubu.exe [512.2736] ZwOpenProcess SSDT 866CBB7D livubu.exe [512.2736] ZwOpenThread SSDT 866CC432 livubu.exe [512.2736] ZwProtectVirtualMemory SSDT 866CC609 livubu.exe [512.2736] ZwQueryDirectoryFile SSDT sphj.sys livubu.exe [512.2736] ZwQueryKey [0xF740220A] SSDT 866CB9A2 livubu.exe [512.2736] ZwQuerySystemInformation SSDT sphj.sys livubu.exe [512.2736] ZwQueryValueKey [0xF740208A] SSDT 866CC346 livubu.exe [512.2736] ZwReadVirtualMemory SSDT 866CBD48 livubu.exe [512.2736] ZwSetContextThread SSDT 866CC0DB livubu.exe [512.2736] ZwSetValueKey SSDT 866C9D8D livubu.exe [512.2736] ZwShutdownSystem SSDT 866CBCD5 livubu.exe [512.2736] ZwSuspendThread SSDT 866CBC62 livubu.exe [512.2736] ZwTerminateThread SSDT 866CC3BC livubu.exe [512.2736] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread smss.exe [628:632] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys smss.exe [628.632] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED smss.exe [628.632] ZwDeleteValueKey SSDT 866CBE85 smss.exe [628.632] ZwEnumerateKey SSDT 866CBF9E smss.exe [628.632] ZwEnumerateValueKey SSDT 866CBDBB smss.exe [628.632] ZwOpenKey SSDT 866CBAF5 smss.exe [628.632] ZwOpenProcess SSDT 866CBB7D smss.exe [628.632] ZwOpenThread SSDT 866CC432 smss.exe [628.632] ZwProtectVirtualMemory SSDT 866CC609 smss.exe [628.632] ZwQueryDirectoryFile SSDT sphj.sys smss.exe [628.632] ZwQueryKey [0xF740220A] SSDT 866CB9A2 smss.exe [628.632] ZwQuerySystemInformation SSDT sphj.sys smss.exe [628.632] ZwQueryValueKey [0xF740208A] SSDT 866CC346 smss.exe [628.632] ZwReadVirtualMemory SSDT 866CBD48 smss.exe [628.632] ZwSetContextThread SSDT 866CC0DB smss.exe [628.632] ZwSetValueKey SSDT 866C9D8D smss.exe [628.632] ZwShutdownSystem SSDT 866CBCD5 smss.exe [628.632] ZwSuspendThread SSDT 866CBC62 smss.exe [628.632] ZwTerminateThread SSDT 866CC3BC smss.exe [628.632] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread smss.exe [628:644] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys smss.exe [628.644] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED smss.exe [628.644] ZwDeleteValueKey SSDT 866CBE85 smss.exe [628.644] ZwEnumerateKey SSDT 866CBF9E smss.exe [628.644] ZwEnumerateValueKey SSDT 866CBDBB smss.exe [628.644] ZwOpenKey SSDT 866CBAF5 smss.exe [628.644] ZwOpenProcess SSDT 866CBB7D smss.exe [628.644] ZwOpenThread SSDT 866CC432 smss.exe [628.644] ZwProtectVirtualMemory SSDT 866CC609 smss.exe [628.644] ZwQueryDirectoryFile SSDT sphj.sys smss.exe [628.644] ZwQueryKey [0xF740220A] SSDT 866CB9A2 smss.exe [628.644] ZwQuerySystemInformation SSDT sphj.sys smss.exe [628.644] ZwQueryValueKey [0xF740208A] SSDT 866CC346 smss.exe [628.644] ZwReadVirtualMemory SSDT 866CBD48 smss.exe [628.644] ZwSetContextThread SSDT 866CC0DB smss.exe [628.644] ZwSetValueKey SSDT 866C9D8D smss.exe [628.644] ZwShutdownSystem SSDT 866CBCD5 smss.exe [628.644] ZwSuspendThread SSDT 866CBC62 smss.exe [628.644] ZwTerminateThread SSDT 866CC3BC smss.exe [628.644] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread smss.exe [628:648] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys smss.exe [628.648] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED smss.exe [628.648] ZwDeleteValueKey SSDT 866CBE85 smss.exe [628.648] ZwEnumerateKey SSDT 866CBF9E smss.exe [628.648] ZwEnumerateValueKey SSDT 866CBDBB smss.exe [628.648] ZwOpenKey SSDT 866CBAF5 smss.exe [628.648] ZwOpenProcess SSDT 866CBB7D smss.exe [628.648] ZwOpenThread SSDT 866CC432 smss.exe [628.648] ZwProtectVirtualMemory SSDT 866CC609 smss.exe [628.648] ZwQueryDirectoryFile SSDT sphj.sys smss.exe [628.648] ZwQueryKey [0xF740220A] SSDT 866CB9A2 smss.exe [628.648] ZwQuerySystemInformation SSDT sphj.sys smss.exe [628.648] ZwQueryValueKey [0xF740208A] SSDT 866CC346 smss.exe [628.648] ZwReadVirtualMemory SSDT 866CBD48 smss.exe [628.648] ZwSetContextThread SSDT 866CC0DB smss.exe [628.648] ZwSetValueKey SSDT 866C9D8D smss.exe [628.648] ZwShutdownSystem SSDT 866CBCD5 smss.exe [628.648] ZwSuspendThread SSDT 866CBC62 smss.exe [628.648] ZwTerminateThread SSDT 866CC3BC smss.exe [628.648] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread csrss.exe [692:704] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys csrss.exe [692.704] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED csrss.exe [692.704] ZwDeleteValueKey SSDT 866CBE85 csrss.exe [692.704] ZwEnumerateKey SSDT 866CBF9E csrss.exe [692.704] ZwEnumerateValueKey SSDT 866CBDBB csrss.exe [692.704] ZwOpenKey SSDT 866CBAF5 csrss.exe [692.704] ZwOpenProcess SSDT 866CBB7D csrss.exe [692.704] ZwOpenThread SSDT 866CC432 csrss.exe [692.704] ZwProtectVirtualMemory SSDT 866CC609 csrss.exe [692.704] ZwQueryDirectoryFile SSDT sphj.sys csrss.exe [692.704] ZwQueryKey [0xF740220A] SSDT 866CB9A2 csrss.exe [692.704] ZwQuerySystemInformation SSDT sphj.sys csrss.exe [692.704] ZwQueryValueKey [0xF740208A] SSDT 866CC346 csrss.exe [692.704] ZwReadVirtualMemory SSDT 866CBD48 csrss.exe [692.704] ZwSetContextThread SSDT 866CC0DB csrss.exe [692.704] ZwSetValueKey SSDT 866C9D8D csrss.exe [692.704] ZwShutdownSystem SSDT 866CBCD5 csrss.exe [692.704] ZwSuspendThread SSDT 866CBC62 csrss.exe [692.704] ZwTerminateThread SSDT 866CC3BC csrss.exe [692.704] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread csrss.exe [692:708] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys csrss.exe [692.708] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED csrss.exe [692.708] ZwDeleteValueKey SSDT 866CBE85 csrss.exe [692.708] ZwEnumerateKey SSDT 866CBF9E csrss.exe [692.708] ZwEnumerateValueKey SSDT 866CBDBB csrss.exe [692.708] ZwOpenKey SSDT 866CBAF5 csrss.exe [692.708] ZwOpenProcess SSDT 866CBB7D csrss.exe [692.708] ZwOpenThread SSDT 866CC432 csrss.exe [692.708] ZwProtectVirtualMemory SSDT 866CC609 csrss.exe [692.708] ZwQueryDirectoryFile SSDT sphj.sys csrss.exe [692.708] ZwQueryKey [0xF740220A] SSDT 866CB9A2 csrss.exe [692.708] ZwQuerySystemInformation SSDT sphj.sys csrss.exe [692.708] ZwQueryValueKey [0xF740208A] SSDT 866CC346 csrss.exe [692.708] ZwReadVirtualMemory SSDT 866CBD48 csrss.exe [692.708] ZwSetContextThread SSDT 866CC0DB csrss.exe [692.708] ZwSetValueKey SSDT 866C9D8D csrss.exe [692.708] ZwShutdownSystem SSDT 866CBCD5 csrss.exe [692.708] ZwSuspendThread SSDT 866CBC62 csrss.exe [692.708] ZwTerminateThread SSDT 866CC3BC csrss.exe [692.708] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread csrss.exe [692:712] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys csrss.exe [692.712] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED csrss.exe [692.712] ZwDeleteValueKey SSDT 866CBE85 csrss.exe [692.712] ZwEnumerateKey SSDT 866CBF9E csrss.exe [692.712] ZwEnumerateValueKey SSDT 866CBDBB csrss.exe [692.712] ZwOpenKey SSDT 866CBAF5 csrss.exe [692.712] ZwOpenProcess SSDT 866CBB7D csrss.exe [692.712] ZwOpenThread SSDT 866CC432 csrss.exe [692.712] ZwProtectVirtualMemory SSDT 866CC609 csrss.exe [692.712] ZwQueryDirectoryFile SSDT sphj.sys csrss.exe [692.712] ZwQueryKey [0xF740220A] SSDT 866CB9A2 csrss.exe [692.712] ZwQuerySystemInformation SSDT sphj.sys csrss.exe [692.712] ZwQueryValueKey [0xF740208A] SSDT 866CC346 csrss.exe [692.712] ZwReadVirtualMemory SSDT 866CBD48 csrss.exe [692.712] ZwSetContextThread SSDT 866CC0DB csrss.exe [692.712] ZwSetValueKey SSDT 866C9D8D csrss.exe [692.712] ZwShutdownSystem SSDT 866CBCD5 csrss.exe [692.712] ZwSuspendThread SSDT 866CBC62 csrss.exe [692.712] ZwTerminateThread SSDT 866CC3BC csrss.exe [692.712] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread csrss.exe [692:716] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys csrss.exe [692.716] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED csrss.exe [692.716] ZwDeleteValueKey SSDT 866CBE85 csrss.exe [692.716] ZwEnumerateKey SSDT 866CBF9E csrss.exe [692.716] ZwEnumerateValueKey SSDT 866CBDBB csrss.exe [692.716] ZwOpenKey SSDT 866CBAF5 csrss.exe [692.716] ZwOpenProcess SSDT 866CBB7D csrss.exe [692.716] ZwOpenThread SSDT 866CC432 csrss.exe [692.716] ZwProtectVirtualMemory SSDT 866CC609 csrss.exe [692.716] ZwQueryDirectoryFile SSDT sphj.sys csrss.exe [692.716] ZwQueryKey [0xF740220A] SSDT 866CB9A2 csrss.exe [692.716] ZwQuerySystemInformation SSDT sphj.sys csrss.exe [692.716] ZwQueryValueKey [0xF740208A] SSDT 866CC346 csrss.exe [692.716] ZwReadVirtualMemory SSDT 866CBD48 csrss.exe [692.716] ZwSetContextThread SSDT 866CC0DB csrss.exe [692.716] ZwSetValueKey SSDT 866C9D8D csrss.exe [692.716] ZwShutdownSystem SSDT 866CBCD5 csrss.exe [692.716] ZwSuspendThread SSDT 866CBC62 csrss.exe [692.716] ZwTerminateThread SSDT 866CC3BC csrss.exe [692.716] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread csrss.exe [692:728] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys csrss.exe [692.728] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED csrss.exe [692.728] ZwDeleteValueKey SSDT 866CBE85 csrss.exe [692.728] ZwEnumerateKey SSDT 866CBF9E csrss.exe [692.728] ZwEnumerateValueKey SSDT 866CBDBB csrss.exe [692.728] ZwOpenKey SSDT 866CBAF5 csrss.exe [692.728] ZwOpenProcess SSDT 866CBB7D csrss.exe [692.728] ZwOpenThread SSDT 866CC432 csrss.exe [692.728] ZwProtectVirtualMemory SSDT 866CC609 csrss.exe [692.728] ZwQueryDirectoryFile SSDT sphj.sys csrss.exe [692.728] ZwQueryKey [0xF740220A] SSDT 866CB9A2 csrss.exe [692.728] ZwQuerySystemInformation SSDT sphj.sys csrss.exe [692.728] ZwQueryValueKey [0xF740208A] SSDT 866CC346 csrss.exe [692.728] ZwReadVirtualMemory SSDT 866CBD48 csrss.exe [692.728] ZwSetContextThread SSDT 866CC0DB csrss.exe [692.728] ZwSetValueKey SSDT 866C9D8D csrss.exe [692.728] ZwShutdownSystem SSDT 866CBCD5 csrss.exe [692.728] ZwSuspendThread SSDT 866CBC62 csrss.exe [692.728] ZwTerminateThread SSDT 866CC3BC csrss.exe [692.728] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread csrss.exe [692:732] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys csrss.exe [692.732] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED csrss.exe [692.732] ZwDeleteValueKey SSDT 866CBE85 csrss.exe [692.732] ZwEnumerateKey SSDT 866CBF9E csrss.exe [692.732] ZwEnumerateValueKey SSDT 866CBDBB csrss.exe [692.732] ZwOpenKey SSDT 866CBAF5 csrss.exe [692.732] ZwOpenProcess SSDT 866CBB7D csrss.exe [692.732] ZwOpenThread SSDT 866CC432 csrss.exe [692.732] ZwProtectVirtualMemory SSDT 866CC609 csrss.exe [692.732] ZwQueryDirectoryFile SSDT sphj.sys csrss.exe [692.732] ZwQueryKey [0xF740220A] SSDT 866CB9A2 csrss.exe [692.732] ZwQuerySystemInformation SSDT sphj.sys csrss.exe [692.732] ZwQueryValueKey [0xF740208A] SSDT 866CC346 csrss.exe [692.732] ZwReadVirtualMemory SSDT 866CBD48 csrss.exe [692.732] ZwSetContextThread SSDT 866CC0DB csrss.exe [692.732] ZwSetValueKey SSDT 866C9D8D csrss.exe [692.732] ZwShutdownSystem SSDT 866CBCD5 csrss.exe [692.732] ZwSuspendThread SSDT 866CBC62 csrss.exe [692.732] ZwTerminateThread SSDT 866CC3BC csrss.exe [692.732] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread csrss.exe [692:736] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys csrss.exe [692.736] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED csrss.exe [692.736] ZwDeleteValueKey SSDT 866CBE85 csrss.exe [692.736] ZwEnumerateKey SSDT 866CBF9E csrss.exe [692.736] ZwEnumerateValueKey SSDT 866CBDBB csrss.exe [692.736] ZwOpenKey SSDT 866CBAF5 csrss.exe [692.736] ZwOpenProcess SSDT 866CBB7D csrss.exe [692.736] ZwOpenThread SSDT 866CC432 csrss.exe [692.736] ZwProtectVirtualMemory SSDT 866CC609 csrss.exe [692.736] ZwQueryDirectoryFile SSDT sphj.sys csrss.exe [692.736] ZwQueryKey [0xF740220A] SSDT 866CB9A2 csrss.exe [692.736] ZwQuerySystemInformation SSDT sphj.sys csrss.exe [692.736] ZwQueryValueKey [0xF740208A] SSDT 866CC346 csrss.exe [692.736] ZwReadVirtualMemory SSDT 866CBD48 csrss.exe [692.736] ZwSetContextThread SSDT 866CC0DB csrss.exe [692.736] ZwSetValueKey SSDT 866C9D8D csrss.exe [692.736] ZwShutdownSystem SSDT 866CBCD5 csrss.exe [692.736] ZwSuspendThread SSDT 866CBC62 csrss.exe [692.736] ZwTerminateThread SSDT 866CC3BC csrss.exe [692.736] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread csrss.exe [692:784] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys csrss.exe [692.784] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED csrss.exe [692.784] ZwDeleteValueKey SSDT 866CBE85 csrss.exe [692.784] ZwEnumerateKey SSDT 866CBF9E csrss.exe [692.784] ZwEnumerateValueKey SSDT 866CBDBB csrss.exe [692.784] ZwOpenKey SSDT 866CBAF5 csrss.exe [692.784] ZwOpenProcess SSDT 866CBB7D csrss.exe [692.784] ZwOpenThread SSDT 866CC432 csrss.exe [692.784] ZwProtectVirtualMemory SSDT 866CC609 csrss.exe [692.784] ZwQueryDirectoryFile SSDT sphj.sys csrss.exe [692.784] ZwQueryKey [0xF740220A] SSDT 866CB9A2 csrss.exe [692.784] ZwQuerySystemInformation SSDT sphj.sys csrss.exe [692.784] ZwQueryValueKey [0xF740208A] SSDT 866CC346 csrss.exe [692.784] ZwReadVirtualMemory SSDT 866CBD48 csrss.exe [692.784] ZwSetContextThread SSDT 866CC0DB csrss.exe [692.784] ZwSetValueKey SSDT 866C9D8D csrss.exe [692.784] ZwShutdownSystem SSDT 866CBCD5 csrss.exe [692.784] ZwSuspendThread SSDT 866CBC62 csrss.exe [692.784] ZwTerminateThread SSDT 866CC3BC csrss.exe [692.784] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread csrss.exe [692:484] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys csrss.exe [692.484] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED csrss.exe [692.484] ZwDeleteValueKey SSDT 866CBE85 csrss.exe [692.484] ZwEnumerateKey SSDT 866CBF9E csrss.exe [692.484] ZwEnumerateValueKey SSDT 866CBDBB csrss.exe [692.484] ZwOpenKey SSDT 866CBAF5 csrss.exe [692.484] ZwOpenProcess SSDT 866CBB7D csrss.exe [692.484] ZwOpenThread SSDT 866CC432 csrss.exe [692.484] ZwProtectVirtualMemory SSDT 866CC609 csrss.exe [692.484] ZwQueryDirectoryFile SSDT sphj.sys csrss.exe [692.484] ZwQueryKey [0xF740220A] SSDT 866CB9A2 csrss.exe [692.484] ZwQuerySystemInformation SSDT sphj.sys csrss.exe [692.484] ZwQueryValueKey [0xF740208A] SSDT 866CC346 csrss.exe [692.484] ZwReadVirtualMemory SSDT 866CBD48 csrss.exe [692.484] ZwSetContextThread SSDT 866CC0DB csrss.exe [692.484] ZwSetValueKey SSDT 866C9D8D csrss.exe [692.484] ZwShutdownSystem SSDT 866CBCD5 csrss.exe [692.484] ZwSuspendThread SSDT 866CBC62 csrss.exe [692.484] ZwTerminateThread SSDT 866CC3BC csrss.exe [692.484] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread csrss.exe [692:496] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys csrss.exe [692.496] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED csrss.exe [692.496] ZwDeleteValueKey SSDT 866CBE85 csrss.exe [692.496] ZwEnumerateKey SSDT 866CBF9E csrss.exe [692.496] ZwEnumerateValueKey SSDT 866CBDBB csrss.exe [692.496] ZwOpenKey SSDT 866CBAF5 csrss.exe [692.496] ZwOpenProcess SSDT 866CBB7D csrss.exe [692.496] ZwOpenThread SSDT 866CC432 csrss.exe [692.496] ZwProtectVirtualMemory SSDT 866CC609 csrss.exe [692.496] ZwQueryDirectoryFile SSDT sphj.sys csrss.exe [692.496] ZwQueryKey [0xF740220A] SSDT 866CB9A2 csrss.exe [692.496] ZwQuerySystemInformation SSDT sphj.sys csrss.exe [692.496] ZwQueryValueKey [0xF740208A] SSDT 866CC346 csrss.exe [692.496] ZwReadVirtualMemory SSDT 866CBD48 csrss.exe [692.496] ZwSetContextThread SSDT 866CC0DB csrss.exe [692.496] ZwSetValueKey SSDT 866C9D8D csrss.exe [692.496] ZwShutdownSystem SSDT 866CBCD5 csrss.exe [692.496] ZwSuspendThread SSDT 866CBC62 csrss.exe [692.496] ZwTerminateThread SSDT 866CC3BC csrss.exe [692.496] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread csrss.exe [692:1476] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys csrss.exe [692.1476] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED csrss.exe [692.1476] ZwDeleteValueKey SSDT 866CBE85 csrss.exe [692.1476] ZwEnumerateKey SSDT 866CBF9E csrss.exe [692.1476] ZwEnumerateValueKey SSDT 866CBDBB csrss.exe [692.1476] ZwOpenKey SSDT 866CBAF5 csrss.exe [692.1476] ZwOpenProcess SSDT 866CBB7D csrss.exe [692.1476] ZwOpenThread SSDT 866CC432 csrss.exe [692.1476] ZwProtectVirtualMemory SSDT 866CC609 csrss.exe [692.1476] ZwQueryDirectoryFile SSDT sphj.sys csrss.exe [692.1476] ZwQueryKey [0xF740220A] SSDT 866CB9A2 csrss.exe [692.1476] ZwQuerySystemInformation SSDT sphj.sys csrss.exe [692.1476] ZwQueryValueKey [0xF740208A] SSDT 866CC346 csrss.exe [692.1476] ZwReadVirtualMemory SSDT 866CBD48 csrss.exe [692.1476] ZwSetContextThread SSDT 866CC0DB csrss.exe [692.1476] ZwSetValueKey SSDT 866C9D8D csrss.exe [692.1476] ZwShutdownSystem SSDT 866CBCD5 csrss.exe [692.1476] ZwSuspendThread SSDT 866CBC62 csrss.exe [692.1476] ZwTerminateThread SSDT 866CC3BC csrss.exe [692.1476] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:724] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.724] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.724] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.724] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.724] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.724] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.724] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.724] ZwOpenThread SSDT 866CC432 winlogon.exe [720.724] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.724] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.724] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.724] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.724] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.724] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.724] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.724] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.724] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.724] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.724] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.724] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:744] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.744] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.744] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.744] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.744] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.744] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.744] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.744] ZwOpenThread SSDT 866CC432 winlogon.exe [720.744] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.744] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.744] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.744] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.744] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.744] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.744] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.744] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.744] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.744] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.744] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.744] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:748] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.748] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.748] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.748] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.748] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.748] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.748] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.748] ZwOpenThread SSDT 866CC432 winlogon.exe [720.748] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.748] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.748] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.748] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.748] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.748] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.748] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.748] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.748] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.748] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.748] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.748] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:752] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.752] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.752] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.752] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.752] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.752] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.752] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.752] ZwOpenThread SSDT 866CC432 winlogon.exe [720.752] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.752] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.752] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.752] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.752] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.752] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.752] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.752] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.752] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.752] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.752] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.752] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:756] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.756] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.756] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.756] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.756] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.756] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.756] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.756] ZwOpenThread SSDT 866CC432 winlogon.exe [720.756] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.756] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.756] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.756] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.756] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.756] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.756] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.756] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.756] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.756] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.756] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.756] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:760] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.760] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.760] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.760] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.760] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.760] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.760] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.760] ZwOpenThread SSDT 866CC432 winlogon.exe [720.760] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.760] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.760] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.760] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.760] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.760] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.760] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.760] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.760] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.760] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.760] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.760] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:772] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.772] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.772] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.772] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.772] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.772] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.772] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.772] ZwOpenThread SSDT 866CC432 winlogon.exe [720.772] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.772] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.772] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.772] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.772] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.772] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.772] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.772] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.772] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.772] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.772] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.772] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:1064] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.1064] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.1064] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.1064] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.1064] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.1064] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.1064] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.1064] ZwOpenThread SSDT 866CC432 winlogon.exe [720.1064] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.1064] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.1064] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.1064] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.1064] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.1064] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.1064] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.1064] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.1064] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.1064] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.1064] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.1064] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:1068] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.1068] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.1068] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.1068] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.1068] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.1068] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.1068] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.1068] ZwOpenThread SSDT 866CC432 winlogon.exe [720.1068] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.1068] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.1068] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.1068] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.1068] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.1068] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.1068] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.1068] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.1068] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.1068] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.1068] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.1068] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:1072] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.1072] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.1072] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.1072] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.1072] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.1072] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.1072] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.1072] ZwOpenThread SSDT 866CC432 winlogon.exe [720.1072] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.1072] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.1072] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.1072] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.1072] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.1072] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.1072] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.1072] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.1072] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.1072] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.1072] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.1072] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:1076] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.1076] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.1076] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.1076] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.1076] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.1076] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.1076] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.1076] ZwOpenThread SSDT 866CC432 winlogon.exe [720.1076] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.1076] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.1076] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.1076] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.1076] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.1076] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.1076] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.1076] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.1076] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.1076] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.1076] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.1076] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:1244] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.1244] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.1244] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.1244] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.1244] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.1244] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.1244] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.1244] ZwOpenThread SSDT 866CC432 winlogon.exe [720.1244] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.1244] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.1244] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.1244] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.1244] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.1244] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.1244] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.1244] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.1244] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.1244] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.1244] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.1244] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:1248] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.1248] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.1248] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.1248] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.1248] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.1248] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.1248] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.1248] ZwOpenThread SSDT 866CC432 winlogon.exe [720.1248] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.1248] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.1248] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.1248] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.1248] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.1248] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.1248] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.1248] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.1248] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.1248] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.1248] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.1248] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:1256] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.1256] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.1256] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.1256] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.1256] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.1256] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.1256] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.1256] ZwOpenThread SSDT 866CC432 winlogon.exe [720.1256] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.1256] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.1256] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.1256] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.1256] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.1256] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.1256] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.1256] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.1256] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.1256] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.1256] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.1256] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:1260] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.1260] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.1260] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.1260] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.1260] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.1260] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.1260] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.1260] ZwOpenThread SSDT 866CC432 winlogon.exe [720.1260] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.1260] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.1260] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.1260] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.1260] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.1260] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.1260] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.1260] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.1260] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.1260] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.1260] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.1260] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:620] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.620] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.620] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.620] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.620] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.620] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.620] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.620] ZwOpenThread SSDT 866CC432 winlogon.exe [720.620] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.620] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.620] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.620] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.620] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.620] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.620] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.620] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.620] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.620] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.620] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.620] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:640] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.640] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.640] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.640] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.640] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.640] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.640] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.640] ZwOpenThread SSDT 866CC432 winlogon.exe [720.640] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.640] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.640] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.640] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.640] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.640] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.640] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.640] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.640] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.640] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.640] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.640] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:1016] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.1016] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.1016] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.1016] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.1016] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.1016] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.1016] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.1016] ZwOpenThread SSDT 866CC432 winlogon.exe [720.1016] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.1016] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.1016] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.1016] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.1016] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.1016] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.1016] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.1016] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.1016] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.1016] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.1016] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.1016] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:1024] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.1024] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.1024] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.1024] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.1024] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.1024] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.1024] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.1024] ZwOpenThread SSDT 866CC432 winlogon.exe [720.1024] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.1024] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.1024] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.1024] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.1024] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.1024] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.1024] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.1024] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.1024] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.1024] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.1024] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.1024] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:996] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.996] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.996] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.996] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.996] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.996] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.996] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.996] ZwOpenThread SSDT 866CC432 winlogon.exe [720.996] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.996] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.996] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.996] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.996] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.996] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.996] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.996] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.996] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.996] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.996] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.996] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:240] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.240] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.240] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.240] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.240] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.240] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.240] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.240] ZwOpenThread SSDT 866CC432 winlogon.exe [720.240] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.240] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.240] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.240] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.240] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.240] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.240] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.240] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.240] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.240] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.240] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.240] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:3512] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.3512] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.3512] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.3512] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.3512] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.3512] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.3512] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.3512] ZwOpenThread SSDT 866CC432 winlogon.exe [720.3512] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.3512] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.3512] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.3512] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.3512] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.3512] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.3512] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.3512] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.3512] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.3512] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.3512] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.3512] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:2528] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.2528] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.2528] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.2528] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.2528] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.2528] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.2528] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.2528] ZwOpenThread SSDT 866CC432 winlogon.exe [720.2528] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.2528] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.2528] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.2528] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.2528] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.2528] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.2528] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.2528] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.2528] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.2528] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.2528] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.2528] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:2768] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.2768] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.2768] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.2768] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.2768] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.2768] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.2768] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.2768] ZwOpenThread SSDT 866CC432 winlogon.exe [720.2768] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.2768] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.2768] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.2768] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.2768] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.2768] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.2768] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.2768] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.2768] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.2768] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.2768] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.2768] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [720:5272] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys winlogon.exe [720.5272] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED winlogon.exe [720.5272] ZwDeleteValueKey SSDT 866CBE85 winlogon.exe [720.5272] ZwEnumerateKey SSDT 866CBF9E winlogon.exe [720.5272] ZwEnumerateValueKey SSDT 866CBDBB winlogon.exe [720.5272] ZwOpenKey SSDT 866CBAF5 winlogon.exe [720.5272] ZwOpenProcess SSDT 866CBB7D winlogon.exe [720.5272] ZwOpenThread SSDT 866CC432 winlogon.exe [720.5272] ZwProtectVirtualMemory SSDT 866CC609 winlogon.exe [720.5272] ZwQueryDirectoryFile SSDT sphj.sys winlogon.exe [720.5272] ZwQueryKey [0xF740220A] SSDT 866CB9A2 winlogon.exe [720.5272] ZwQuerySystemInformation SSDT sphj.sys winlogon.exe [720.5272] ZwQueryValueKey [0xF740208A] SSDT 866CC346 winlogon.exe [720.5272] ZwReadVirtualMemory SSDT 866CBD48 winlogon.exe [720.5272] ZwSetContextThread SSDT 866CC0DB winlogon.exe [720.5272] ZwSetValueKey SSDT 866C9D8D winlogon.exe [720.5272] ZwShutdownSystem SSDT 866CBCD5 winlogon.exe [720.5272] ZwSuspendThread SSDT 866CBC62 winlogon.exe [720.5272] ZwTerminateThread SSDT 866CC3BC winlogon.exe [720.5272] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:788] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.788] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.788] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.788] ZwEnumerateKey SSDT 866CBF9E services.exe [764.788] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.788] ZwOpenKey SSDT 866CBAF5 services.exe [764.788] ZwOpenProcess SSDT 866CBB7D services.exe [764.788] ZwOpenThread SSDT 866CC432 services.exe [764.788] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.788] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.788] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.788] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.788] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.788] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.788] ZwSetContextThread SSDT 866CC0DB services.exe [764.788] ZwSetValueKey SSDT 866C9D8D services.exe [764.788] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.788] ZwSuspendThread SSDT 866CBC62 services.exe [764.788] ZwTerminateThread SSDT 866CC3BC services.exe [764.788] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:792] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.792] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.792] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.792] ZwEnumerateKey SSDT 866CBF9E services.exe [764.792] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.792] ZwOpenKey SSDT 866CBAF5 services.exe [764.792] ZwOpenProcess SSDT 866CBB7D services.exe [764.792] ZwOpenThread SSDT 866CC432 services.exe [764.792] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.792] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.792] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.792] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.792] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.792] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.792] ZwSetContextThread SSDT 866CC0DB services.exe [764.792] ZwSetValueKey SSDT 866C9D8D services.exe [764.792] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.792] ZwSuspendThread SSDT 866CBC62 services.exe [764.792] ZwTerminateThread SSDT 866CC3BC services.exe [764.792] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:796] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.796] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.796] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.796] ZwEnumerateKey SSDT 866CBF9E services.exe [764.796] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.796] ZwOpenKey SSDT 866CBAF5 services.exe [764.796] ZwOpenProcess SSDT 866CBB7D services.exe [764.796] ZwOpenThread SSDT 866CC432 services.exe [764.796] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.796] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.796] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.796] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.796] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.796] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.796] ZwSetContextThread SSDT 866CC0DB services.exe [764.796] ZwSetValueKey SSDT 866C9D8D services.exe [764.796] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.796] ZwSuspendThread SSDT 866CBC62 services.exe [764.796] ZwTerminateThread SSDT 866CC3BC services.exe [764.796] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:916] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.916] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.916] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.916] ZwEnumerateKey SSDT 866CBF9E services.exe [764.916] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.916] ZwOpenKey SSDT 866CBAF5 services.exe [764.916] ZwOpenProcess SSDT 866CBB7D services.exe [764.916] ZwOpenThread SSDT 866CC432 services.exe [764.916] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.916] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.916] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.916] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.916] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.916] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.916] ZwSetContextThread SSDT 866CC0DB services.exe [764.916] ZwSetValueKey SSDT 866C9D8D services.exe [764.916] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.916] ZwSuspendThread SSDT 866CBC62 services.exe [764.916] ZwTerminateThread SSDT 866CC3BC services.exe [764.916] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:924] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.924] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.924] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.924] ZwEnumerateKey SSDT 866CBF9E services.exe [764.924] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.924] ZwOpenKey SSDT 866CBAF5 services.exe [764.924] ZwOpenProcess SSDT 866CBB7D services.exe [764.924] ZwOpenThread SSDT 866CC432 services.exe [764.924] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.924] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.924] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.924] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.924] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.924] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.924] ZwSetContextThread SSDT 866CC0DB services.exe [764.924] ZwSetValueKey SSDT 866C9D8D services.exe [764.924] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.924] ZwSuspendThread SSDT 866CBC62 services.exe [764.924] ZwTerminateThread SSDT 866CC3BC services.exe [764.924] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:932] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.932] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.932] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.932] ZwEnumerateKey SSDT 866CBF9E services.exe [764.932] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.932] ZwOpenKey SSDT 866CBAF5 services.exe [764.932] ZwOpenProcess SSDT 866CBB7D services.exe [764.932] ZwOpenThread SSDT 866CC432 services.exe [764.932] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.932] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.932] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.932] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.932] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.932] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.932] ZwSetContextThread SSDT 866CC0DB services.exe [764.932] ZwSetValueKey SSDT 866C9D8D services.exe [764.932] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.932] ZwSuspendThread SSDT 866CBC62 services.exe [764.932] ZwTerminateThread SSDT 866CC3BC services.exe [764.932] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:1000] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.1000] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.1000] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.1000] ZwEnumerateKey SSDT 866CBF9E services.exe [764.1000] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.1000] ZwOpenKey SSDT 866CBAF5 services.exe [764.1000] ZwOpenProcess SSDT 866CBB7D services.exe [764.1000] ZwOpenThread SSDT 866CC432 services.exe [764.1000] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.1000] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.1000] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.1000] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.1000] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.1000] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.1000] ZwSetContextThread SSDT 866CC0DB services.exe [764.1000] ZwSetValueKey SSDT 866C9D8D services.exe [764.1000] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.1000] ZwSuspendThread SSDT 866CBC62 services.exe [764.1000] ZwTerminateThread SSDT 866CC3BC services.exe [764.1000] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:1060] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.1060] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.1060] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.1060] ZwEnumerateKey SSDT 866CBF9E services.exe [764.1060] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.1060] ZwOpenKey SSDT 866CBAF5 services.exe [764.1060] ZwOpenProcess SSDT 866CBB7D services.exe [764.1060] ZwOpenThread SSDT 866CC432 services.exe [764.1060] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.1060] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.1060] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.1060] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.1060] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.1060] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.1060] ZwSetContextThread SSDT 866CC0DB services.exe [764.1060] ZwSetValueKey SSDT 866C9D8D services.exe [764.1060] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.1060] ZwSuspendThread SSDT 866CBC62 services.exe [764.1060] ZwTerminateThread SSDT 866CC3BC services.exe [764.1060] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:1316] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys services.exe [764.1316] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.1316] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.1316] ZwEnumerateKey SSDT 866CBF9E services.exe [764.1316] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.1316] ZwOpenKey SSDT 866CBAF5 services.exe [764.1316] ZwOpenProcess SSDT 866CBB7D services.exe [764.1316] ZwOpenThread SSDT 866CC432 services.exe [764.1316] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.1316] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.1316] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.1316] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.1316] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.1316] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.1316] ZwSetContextThread SSDT 866CC0DB services.exe [764.1316] ZwSetValueKey SSDT 866C9D8D services.exe [764.1316] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.1316] ZwSuspendThread SSDT 866CBC62 services.exe [764.1316] ZwTerminateThread SSDT 866CC3BC services.exe [764.1316] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:1324] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys services.exe [764.1324] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.1324] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.1324] ZwEnumerateKey SSDT 866CBF9E services.exe [764.1324] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.1324] ZwOpenKey SSDT 866CBAF5 services.exe [764.1324] ZwOpenProcess SSDT 866CBB7D services.exe [764.1324] ZwOpenThread SSDT 866CC432 services.exe [764.1324] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.1324] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.1324] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.1324] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.1324] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.1324] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.1324] ZwSetContextThread SSDT 866CC0DB services.exe [764.1324] ZwSetValueKey SSDT 866C9D8D services.exe [764.1324] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.1324] ZwSuspendThread SSDT 866CBC62 services.exe [764.1324] ZwTerminateThread SSDT 866CC3BC services.exe [764.1324] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:1328] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys services.exe [764.1328] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.1328] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.1328] ZwEnumerateKey SSDT 866CBF9E services.exe [764.1328] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.1328] ZwOpenKey SSDT 866CBAF5 services.exe [764.1328] ZwOpenProcess SSDT 866CBB7D services.exe [764.1328] ZwOpenThread SSDT 866CC432 services.exe [764.1328] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.1328] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.1328] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.1328] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.1328] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.1328] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.1328] ZwSetContextThread SSDT 866CC0DB services.exe [764.1328] ZwSetValueKey SSDT 866C9D8D services.exe [764.1328] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.1328] ZwSuspendThread SSDT 866CBC62 services.exe [764.1328] ZwTerminateThread SSDT 866CC3BC services.exe [764.1328] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:1584] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.1584] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.1584] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.1584] ZwEnumerateKey SSDT 866CBF9E services.exe [764.1584] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.1584] ZwOpenKey SSDT 866CBAF5 services.exe [764.1584] ZwOpenProcess SSDT 866CBB7D services.exe [764.1584] ZwOpenThread SSDT 866CC432 services.exe [764.1584] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.1584] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.1584] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.1584] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.1584] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.1584] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.1584] ZwSetContextThread SSDT 866CC0DB services.exe [764.1584] ZwSetValueKey SSDT 866C9D8D services.exe [764.1584] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.1584] ZwSuspendThread SSDT 866CBC62 services.exe [764.1584] ZwTerminateThread SSDT 866CC3BC services.exe [764.1584] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:1820] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.1820] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.1820] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.1820] ZwEnumerateKey SSDT 866CBF9E services.exe [764.1820] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.1820] ZwOpenKey SSDT 866CBAF5 services.exe [764.1820] ZwOpenProcess SSDT 866CBB7D services.exe [764.1820] ZwOpenThread SSDT 866CC432 services.exe [764.1820] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.1820] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.1820] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.1820] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.1820] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.1820] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.1820] ZwSetContextThread SSDT 866CC0DB services.exe [764.1820] ZwSetValueKey SSDT 866C9D8D services.exe [764.1820] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.1820] ZwSuspendThread SSDT 866CBC62 services.exe [764.1820] ZwTerminateThread SSDT 866CC3BC services.exe [764.1820] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:592] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.592] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.592] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.592] ZwEnumerateKey SSDT 866CBF9E services.exe [764.592] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.592] ZwOpenKey SSDT 866CBAF5 services.exe [764.592] ZwOpenProcess SSDT 866CBB7D services.exe [764.592] ZwOpenThread SSDT 866CC432 services.exe [764.592] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.592] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.592] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.592] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.592] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.592] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.592] ZwSetContextThread SSDT 866CC0DB services.exe [764.592] ZwSetValueKey SSDT 866C9D8D services.exe [764.592] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.592] ZwSuspendThread SSDT 866CBC62 services.exe [764.592] ZwTerminateThread SSDT 866CC3BC services.exe [764.592] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:424] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.424] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.424] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.424] ZwEnumerateKey SSDT 866CBF9E services.exe [764.424] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.424] ZwOpenKey SSDT 866CBAF5 services.exe [764.424] ZwOpenProcess SSDT 866CBB7D services.exe [764.424] ZwOpenThread SSDT 866CC432 services.exe [764.424] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.424] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.424] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.424] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.424] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.424] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.424] ZwSetContextThread SSDT 866CC0DB services.exe [764.424] ZwSetValueKey SSDT 866C9D8D services.exe [764.424] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.424] ZwSuspendThread SSDT 866CBC62 services.exe [764.424] ZwTerminateThread SSDT 866CC3BC services.exe [764.424] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:6660] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.6660] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.6660] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.6660] ZwEnumerateKey SSDT 866CBF9E services.exe [764.6660] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.6660] ZwOpenKey SSDT 866CBAF5 services.exe [764.6660] ZwOpenProcess SSDT 866CBB7D services.exe [764.6660] ZwOpenThread SSDT 866CC432 services.exe [764.6660] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.6660] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.6660] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.6660] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.6660] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.6660] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.6660] ZwSetContextThread SSDT 866CC0DB services.exe [764.6660] ZwSetValueKey SSDT 866C9D8D services.exe [764.6660] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.6660] ZwSuspendThread SSDT 866CBC62 services.exe [764.6660] ZwTerminateThread SSDT 866CC3BC services.exe [764.6660] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:7200] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.7200] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.7200] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.7200] ZwEnumerateKey SSDT 866CBF9E services.exe [764.7200] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.7200] ZwOpenKey SSDT 866CBAF5 services.exe [764.7200] ZwOpenProcess SSDT 866CBB7D services.exe [764.7200] ZwOpenThread SSDT 866CC432 services.exe [764.7200] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.7200] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.7200] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.7200] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.7200] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.7200] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.7200] ZwSetContextThread SSDT 866CC0DB services.exe [764.7200] ZwSetValueKey SSDT 866C9D8D services.exe [764.7200] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.7200] ZwSuspendThread SSDT 866CBC62 services.exe [764.7200] ZwTerminateThread SSDT 866CC3BC services.exe [764.7200] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:6784] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.6784] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.6784] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.6784] ZwEnumerateKey SSDT 866CBF9E services.exe [764.6784] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.6784] ZwOpenKey SSDT 866CBAF5 services.exe [764.6784] ZwOpenProcess SSDT 866CBB7D services.exe [764.6784] ZwOpenThread SSDT 866CC432 services.exe [764.6784] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.6784] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.6784] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.6784] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.6784] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.6784] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.6784] ZwSetContextThread SSDT 866CC0DB services.exe [764.6784] ZwSetValueKey SSDT 866C9D8D services.exe [764.6784] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.6784] ZwSuspendThread SSDT 866CBC62 services.exe [764.6784] ZwTerminateThread SSDT 866CC3BC services.exe [764.6784] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:2764] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.2764] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.2764] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.2764] ZwEnumerateKey SSDT 866CBF9E services.exe [764.2764] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.2764] ZwOpenKey SSDT 866CBAF5 services.exe [764.2764] ZwOpenProcess SSDT 866CBB7D services.exe [764.2764] ZwOpenThread SSDT 866CC432 services.exe [764.2764] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.2764] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.2764] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.2764] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.2764] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.2764] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.2764] ZwSetContextThread SSDT 866CC0DB services.exe [764.2764] ZwSetValueKey SSDT 866C9D8D services.exe [764.2764] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.2764] ZwSuspendThread SSDT 866CBC62 services.exe [764.2764] ZwTerminateThread SSDT 866CC3BC services.exe [764.2764] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:4312] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.4312] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.4312] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.4312] ZwEnumerateKey SSDT 866CBF9E services.exe [764.4312] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.4312] ZwOpenKey SSDT 866CBAF5 services.exe [764.4312] ZwOpenProcess SSDT 866CBB7D services.exe [764.4312] ZwOpenThread SSDT 866CC432 services.exe [764.4312] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.4312] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.4312] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.4312] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.4312] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.4312] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.4312] ZwSetContextThread SSDT 866CC0DB services.exe [764.4312] ZwSetValueKey SSDT 866C9D8D services.exe [764.4312] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.4312] ZwSuspendThread SSDT 866CBC62 services.exe [764.4312] ZwTerminateThread SSDT 866CC3BC services.exe [764.4312] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:2752] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.2752] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.2752] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.2752] ZwEnumerateKey SSDT 866CBF9E services.exe [764.2752] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.2752] ZwOpenKey SSDT 866CBAF5 services.exe [764.2752] ZwOpenProcess SSDT 866CBB7D services.exe [764.2752] ZwOpenThread SSDT 866CC432 services.exe [764.2752] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.2752] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.2752] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.2752] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.2752] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.2752] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.2752] ZwSetContextThread SSDT 866CC0DB services.exe [764.2752] ZwSetValueKey SSDT 866C9D8D services.exe [764.2752] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.2752] ZwSuspendThread SSDT 866CBC62 services.exe [764.2752] ZwTerminateThread SSDT 866CC3BC services.exe [764.2752] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread services.exe [764:7052] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys services.exe [764.7052] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED services.exe [764.7052] ZwDeleteValueKey SSDT 866CBE85 services.exe [764.7052] ZwEnumerateKey SSDT 866CBF9E services.exe [764.7052] ZwEnumerateValueKey SSDT 866CBDBB services.exe [764.7052] ZwOpenKey SSDT 866CBAF5 services.exe [764.7052] ZwOpenProcess SSDT 866CBB7D services.exe [764.7052] ZwOpenThread SSDT 866CC432 services.exe [764.7052] ZwProtectVirtualMemory SSDT 866CC609 services.exe [764.7052] ZwQueryDirectoryFile SSDT sphj.sys services.exe [764.7052] ZwQueryKey [0xF740220A] SSDT 866CB9A2 services.exe [764.7052] ZwQuerySystemInformation SSDT sphj.sys services.exe [764.7052] ZwQueryValueKey [0xF740208A] SSDT 866CC346 services.exe [764.7052] ZwReadVirtualMemory SSDT 866CBD48 services.exe [764.7052] ZwSetContextThread SSDT 866CC0DB services.exe [764.7052] ZwSetValueKey SSDT 866C9D8D services.exe [764.7052] ZwShutdownSystem SSDT 866CBCD5 services.exe [764.7052] ZwSuspendThread SSDT 866CBC62 services.exe [764.7052] ZwTerminateThread SSDT 866CC3BC services.exe [764.7052] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:800] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.800] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.800] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.800] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.800] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.800] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.800] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.800] ZwOpenThread SSDT 866CC432 lsass.exe [776.800] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.800] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.800] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.800] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.800] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.800] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.800] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.800] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.800] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.800] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.800] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.800] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:804] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.804] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.804] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.804] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.804] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.804] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.804] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.804] ZwOpenThread SSDT 866CC432 lsass.exe [776.804] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.804] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.804] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.804] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.804] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.804] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.804] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.804] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.804] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.804] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.804] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.804] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:808] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.808] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.808] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.808] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.808] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.808] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.808] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.808] ZwOpenThread SSDT 866CC432 lsass.exe [776.808] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.808] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.808] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.808] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.808] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.808] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.808] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.808] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.808] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.808] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.808] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.808] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:812] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.812] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.812] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.812] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.812] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.812] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.812] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.812] ZwOpenThread SSDT 866CC432 lsass.exe [776.812] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.812] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.812] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.812] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.812] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.812] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.812] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.812] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.812] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.812] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.812] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.812] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:816] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.816] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.816] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.816] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.816] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.816] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.816] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.816] ZwOpenThread SSDT 866CC432 lsass.exe [776.816] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.816] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.816] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.816] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.816] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.816] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.816] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.816] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.816] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.816] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.816] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.816] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:832] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.832] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.832] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.832] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.832] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.832] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.832] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.832] ZwOpenThread SSDT 866CC432 lsass.exe [776.832] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.832] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.832] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.832] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.832] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.832] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.832] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.832] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.832] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.832] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.832] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.832] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:848] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys lsass.exe [776.848] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.848] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.848] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.848] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.848] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.848] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.848] ZwOpenThread SSDT 866CC432 lsass.exe [776.848] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.848] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.848] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.848] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.848] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.848] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.848] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.848] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.848] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.848] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.848] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.848] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:852] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.852] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.852] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.852] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.852] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.852] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.852] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.852] ZwOpenThread SSDT 866CC432 lsass.exe [776.852] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.852] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.852] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.852] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.852] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.852] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.852] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.852] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.852] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.852] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.852] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.852] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:860] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.860] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.860] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.860] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.860] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.860] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.860] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.860] ZwOpenThread SSDT 866CC432 lsass.exe [776.860] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.860] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.860] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.860] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.860] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.860] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.860] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.860] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.860] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.860] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.860] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.860] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:880] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.880] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.880] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.880] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.880] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.880] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.880] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.880] ZwOpenThread SSDT 866CC432 lsass.exe [776.880] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.880] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.880] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.880] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.880] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.880] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.880] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.880] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.880] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.880] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.880] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.880] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:884] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.884] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.884] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.884] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.884] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.884] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.884] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.884] ZwOpenThread SSDT 866CC432 lsass.exe [776.884] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.884] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.884] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.884] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.884] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.884] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.884] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.884] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.884] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.884] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.884] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.884] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:904] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.904] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.904] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.904] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.904] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.904] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.904] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.904] ZwOpenThread SSDT 866CC432 lsass.exe [776.904] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.904] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.904] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.904] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.904] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.904] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.904] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.904] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.904] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.904] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.904] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.904] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:936] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.936] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.936] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.936] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.936] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.936] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.936] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.936] ZwOpenThread SSDT 866CC432 lsass.exe [776.936] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.936] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.936] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.936] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.936] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.936] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.936] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.936] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.936] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.936] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.936] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.936] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:1536] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.1536] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.1536] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.1536] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.1536] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.1536] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.1536] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.1536] ZwOpenThread SSDT 866CC432 lsass.exe [776.1536] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.1536] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.1536] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.1536] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.1536] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.1536] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.1536] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.1536] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.1536] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.1536] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.1536] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.1536] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:1652] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.1652] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.1652] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.1652] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.1652] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.1652] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.1652] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.1652] ZwOpenThread SSDT 866CC432 lsass.exe [776.1652] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.1652] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.1652] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.1652] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.1652] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.1652] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.1652] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.1652] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.1652] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.1652] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.1652] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.1652] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:1656] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.1656] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.1656] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.1656] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.1656] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.1656] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.1656] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.1656] ZwOpenThread SSDT 866CC432 lsass.exe [776.1656] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.1656] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.1656] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.1656] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.1656] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.1656] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.1656] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.1656] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.1656] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.1656] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.1656] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.1656] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:1664] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.1664] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.1664] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.1664] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.1664] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.1664] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.1664] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.1664] ZwOpenThread SSDT 866CC432 lsass.exe [776.1664] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.1664] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.1664] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.1664] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.1664] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.1664] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.1664] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.1664] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.1664] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.1664] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.1664] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.1664] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:2564] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.2564] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.2564] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.2564] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.2564] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.2564] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.2564] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.2564] ZwOpenThread SSDT 866CC432 lsass.exe [776.2564] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.2564] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.2564] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.2564] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.2564] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.2564] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.2564] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.2564] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.2564] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.2564] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.2564] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.2564] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:2156] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.2156] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.2156] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.2156] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.2156] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.2156] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.2156] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.2156] ZwOpenThread SSDT 866CC432 lsass.exe [776.2156] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.2156] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.2156] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.2156] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.2156] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.2156] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.2156] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.2156] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.2156] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.2156] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.2156] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.2156] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread lsass.exe [776:5240] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys lsass.exe [776.5240] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED lsass.exe [776.5240] ZwDeleteValueKey SSDT 866CBE85 lsass.exe [776.5240] ZwEnumerateKey SSDT 866CBF9E lsass.exe [776.5240] ZwEnumerateValueKey SSDT 866CBDBB lsass.exe [776.5240] ZwOpenKey SSDT 866CBAF5 lsass.exe [776.5240] ZwOpenProcess SSDT 866CBB7D lsass.exe [776.5240] ZwOpenThread SSDT 866CC432 lsass.exe [776.5240] ZwProtectVirtualMemory SSDT 866CC609 lsass.exe [776.5240] ZwQueryDirectoryFile SSDT sphj.sys lsass.exe [776.5240] ZwQueryKey [0xF740220A] SSDT 866CB9A2 lsass.exe [776.5240] ZwQuerySystemInformation SSDT sphj.sys lsass.exe [776.5240] ZwQueryValueKey [0xF740208A] SSDT 866CC346 lsass.exe [776.5240] ZwReadVirtualMemory SSDT 866CBD48 lsass.exe [776.5240] ZwSetContextThread SSDT 866CC0DB lsass.exe [776.5240] ZwSetValueKey SSDT 866C9D8D lsass.exe [776.5240] ZwShutdownSystem SSDT 866CBCD5 lsass.exe [776.5240] ZwSuspendThread SSDT 866CBC62 lsass.exe [776.5240] ZwTerminateThread SSDT 866CC3BC lsass.exe [776.5240] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread ati2evxx.exe [944:948] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys ati2evxx.exe [944.948] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED ati2evxx.exe [944.948] ZwDeleteValueKey SSDT 866CBE85 ati2evxx.exe [944.948] ZwEnumerateKey SSDT 866CBF9E ati2evxx.exe [944.948] ZwEnumerateValueKey SSDT 866CBDBB ati2evxx.exe [944.948] ZwOpenKey SSDT 866CBAF5 ati2evxx.exe [944.948] ZwOpenProcess SSDT 866CBB7D ati2evxx.exe [944.948] ZwOpenThread SSDT 866CC432 ati2evxx.exe [944.948] ZwProtectVirtualMemory SSDT 866CC609 ati2evxx.exe [944.948] ZwQueryDirectoryFile SSDT sphj.sys ati2evxx.exe [944.948] ZwQueryKey [0xF740220A] SSDT 866CB9A2 ati2evxx.exe [944.948] ZwQuerySystemInformation SSDT sphj.sys ati2evxx.exe [944.948] ZwQueryValueKey [0xF740208A] SSDT 866CC346 ati2evxx.exe [944.948] ZwReadVirtualMemory SSDT 866CBD48 ati2evxx.exe [944.948] ZwSetContextThread SSDT 866CC0DB ati2evxx.exe [944.948] ZwSetValueKey SSDT 866C9D8D ati2evxx.exe [944.948] ZwShutdownSystem SSDT 866CBCD5 ati2evxx.exe [944.948] ZwSuspendThread SSDT 866CBC62 ati2evxx.exe [944.948] ZwTerminateThread SSDT 866CC3BC ati2evxx.exe [944.948] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread ati2evxx.exe [944:952] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys ati2evxx.exe [944.952] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED ati2evxx.exe [944.952] ZwDeleteValueKey SSDT 866CBE85 ati2evxx.exe [944.952] ZwEnumerateKey SSDT 866CBF9E ati2evxx.exe [944.952] ZwEnumerateValueKey SSDT 866CBDBB ati2evxx.exe [944.952] ZwOpenKey SSDT 866CBAF5 ati2evxx.exe [944.952] ZwOpenProcess SSDT 866CBB7D ati2evxx.exe [944.952] ZwOpenThread SSDT 866CC432 ati2evxx.exe [944.952] ZwProtectVirtualMemory SSDT 866CC609 ati2evxx.exe [944.952] ZwQueryDirectoryFile SSDT sphj.sys ati2evxx.exe [944.952] ZwQueryKey [0xF740220A] SSDT 866CB9A2 ati2evxx.exe [944.952] ZwQuerySystemInformation SSDT sphj.sys ati2evxx.exe [944.952] ZwQueryValueKey [0xF740208A] SSDT 866CC346 ati2evxx.exe [944.952] ZwReadVirtualMemory SSDT 866CBD48 ati2evxx.exe [944.952] ZwSetContextThread SSDT 866CC0DB ati2evxx.exe [944.952] ZwSetValueKey SSDT 866C9D8D ati2evxx.exe [944.952] ZwShutdownSystem SSDT 866CBCD5 ati2evxx.exe [944.952] ZwSuspendThread SSDT 866CBC62 ati2evxx.exe [944.952] ZwTerminateThread SSDT 866CC3BC ati2evxx.exe [944.952] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread ati2evxx.exe [944:968] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys ati2evxx.exe [944.968] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED ati2evxx.exe [944.968] ZwDeleteValueKey SSDT 866CBE85 ati2evxx.exe [944.968] ZwEnumerateKey SSDT 866CBF9E ati2evxx.exe [944.968] ZwEnumerateValueKey SSDT 866CBDBB ati2evxx.exe [944.968] ZwOpenKey SSDT 866CBAF5 ati2evxx.exe [944.968] ZwOpenProcess SSDT 866CBB7D ati2evxx.exe [944.968] ZwOpenThread SSDT 866CC432 ati2evxx.exe [944.968] ZwProtectVirtualMemory SSDT 866CC609 ati2evxx.exe [944.968] ZwQueryDirectoryFile SSDT sphj.sys ati2evxx.exe [944.968] ZwQueryKey [0xF740220A] SSDT 866CB9A2 ati2evxx.exe [944.968] ZwQuerySystemInformation SSDT sphj.sys ati2evxx.exe [944.968] ZwQueryValueKey [0xF740208A] SSDT 866CC346 ati2evxx.exe [944.968] ZwReadVirtualMemory SSDT 866CBD48 ati2evxx.exe [944.968] ZwSetContextThread SSDT 866CC0DB ati2evxx.exe [944.968] ZwSetValueKey SSDT 866C9D8D ati2evxx.exe [944.968] ZwShutdownSystem SSDT 866CBCD5 ati2evxx.exe [944.968] ZwSuspendThread SSDT 866CBC62 ati2evxx.exe [944.968] ZwTerminateThread SSDT 866CC3BC ati2evxx.exe [944.968] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread ati2evxx.exe [944:980] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys ati2evxx.exe [944.980] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED ati2evxx.exe [944.980] ZwDeleteValueKey SSDT 866CBE85 ati2evxx.exe [944.980] ZwEnumerateKey SSDT 866CBF9E ati2evxx.exe [944.980] ZwEnumerateValueKey SSDT 866CBDBB ati2evxx.exe [944.980] ZwOpenKey SSDT 866CBAF5 ati2evxx.exe [944.980] ZwOpenProcess SSDT 866CBB7D ati2evxx.exe [944.980] ZwOpenThread SSDT 866CC432 ati2evxx.exe [944.980] ZwProtectVirtualMemory SSDT 866CC609 ati2evxx.exe [944.980] ZwQueryDirectoryFile SSDT sphj.sys ati2evxx.exe [944.980] ZwQueryKey [0xF740220A] SSDT 866CB9A2 ati2evxx.exe [944.980] ZwQuerySystemInformation SSDT sphj.sys ati2evxx.exe [944.980] ZwQueryValueKey [0xF740208A] SSDT 866CC346 ati2evxx.exe [944.980] ZwReadVirtualMemory SSDT 866CBD48 ati2evxx.exe [944.980] ZwSetContextThread SSDT 866CC0DB ati2evxx.exe [944.980] ZwSetValueKey SSDT 866C9D8D ati2evxx.exe [944.980] ZwShutdownSystem SSDT 866CBCD5 ati2evxx.exe [944.980] ZwSuspendThread SSDT 866CBC62 ati2evxx.exe [944.980] ZwTerminateThread SSDT 866CC3BC ati2evxx.exe [944.980] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:964] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [960.964] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.964] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.964] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.964] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.964] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.964] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.964] ZwOpenThread SSDT 866CC432 svchost.exe [960.964] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.964] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.964] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.964] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.964] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.964] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.964] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.964] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.964] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.964] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.964] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.964] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:988] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.988] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.988] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.988] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.988] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.988] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.988] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.988] ZwOpenThread SSDT 866CC432 svchost.exe [960.988] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.988] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.988] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.988] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.988] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.988] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.988] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.988] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.988] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.988] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.988] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.988] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:1020] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.1020] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.1020] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.1020] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.1020] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.1020] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.1020] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.1020] ZwOpenThread SSDT 866CC432 svchost.exe [960.1020] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.1020] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.1020] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.1020] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.1020] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.1020] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.1020] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.1020] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.1020] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.1020] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.1020] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.1020] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:1028] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.1028] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.1028] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.1028] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.1028] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.1028] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.1028] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.1028] ZwOpenThread SSDT 866CC432 svchost.exe [960.1028] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.1028] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.1028] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.1028] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.1028] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.1028] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.1028] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.1028] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.1028] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.1028] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.1028] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.1028] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:1032] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.1032] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.1032] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.1032] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.1032] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.1032] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.1032] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.1032] ZwOpenThread SSDT 866CC432 svchost.exe [960.1032] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.1032] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.1032] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.1032] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.1032] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.1032] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.1032] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.1032] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.1032] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.1032] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.1032] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.1032] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:1036] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.1036] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.1036] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.1036] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.1036] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.1036] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.1036] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.1036] ZwOpenThread SSDT 866CC432 svchost.exe [960.1036] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.1036] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.1036] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.1036] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.1036] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.1036] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.1036] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.1036] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.1036] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.1036] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.1036] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.1036] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:1044] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.1044] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.1044] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.1044] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.1044] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.1044] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.1044] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.1044] ZwOpenThread SSDT 866CC432 svchost.exe [960.1044] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.1044] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.1044] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.1044] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.1044] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.1044] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.1044] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.1044] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.1044] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.1044] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.1044] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.1044] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:656] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.656] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.656] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.656] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.656] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.656] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.656] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.656] ZwOpenThread SSDT 866CC432 svchost.exe [960.656] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.656] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.656] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.656] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.656] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.656] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.656] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.656] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.656] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.656] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.656] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.656] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:1148] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.1148] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.1148] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.1148] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.1148] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.1148] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.1148] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.1148] ZwOpenThread SSDT 866CC432 svchost.exe [960.1148] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.1148] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.1148] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.1148] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.1148] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.1148] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.1148] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.1148] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.1148] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.1148] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.1148] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.1148] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:1348] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.1348] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.1348] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.1348] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.1348] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.1348] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.1348] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.1348] ZwOpenThread SSDT 866CC432 svchost.exe [960.1348] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.1348] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.1348] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.1348] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.1348] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.1348] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.1348] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.1348] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.1348] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.1348] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.1348] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.1348] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:1420] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.1420] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.1420] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.1420] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.1420] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.1420] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.1420] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.1420] ZwOpenThread SSDT 866CC432 svchost.exe [960.1420] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.1420] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.1420] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.1420] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.1420] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.1420] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.1420] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.1420] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.1420] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.1420] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.1420] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.1420] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:1368] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.1368] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.1368] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.1368] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.1368] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.1368] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.1368] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.1368] ZwOpenThread SSDT 866CC432 svchost.exe [960.1368] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.1368] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.1368] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.1368] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.1368] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.1368] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.1368] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.1368] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.1368] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.1368] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.1368] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.1368] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:1456] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.1456] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.1456] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.1456] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.1456] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.1456] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.1456] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.1456] ZwOpenThread SSDT 866CC432 svchost.exe [960.1456] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.1456] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.1456] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.1456] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.1456] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.1456] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.1456] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.1456] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.1456] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.1456] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.1456] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.1456] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:1360] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.1360] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.1360] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.1360] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.1360] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.1360] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.1360] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.1360] ZwOpenThread SSDT 866CC432 svchost.exe [960.1360] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.1360] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.1360] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.1360] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.1360] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.1360] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.1360] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.1360] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.1360] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.1360] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.1360] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.1360] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:1512] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.1512] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.1512] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.1512] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.1512] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.1512] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.1512] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.1512] ZwOpenThread SSDT 866CC432 svchost.exe [960.1512] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.1512] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.1512] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.1512] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.1512] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.1512] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.1512] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.1512] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.1512] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.1512] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.1512] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.1512] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:1728] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.1728] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.1728] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.1728] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.1728] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.1728] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.1728] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.1728] ZwOpenThread SSDT 866CC432 svchost.exe [960.1728] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.1728] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.1728] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.1728] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.1728] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.1728] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.1728] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.1728] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.1728] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.1728] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.1728] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.1728] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:5688] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.5688] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.5688] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.5688] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.5688] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.5688] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.5688] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.5688] ZwOpenThread SSDT 866CC432 svchost.exe [960.5688] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.5688] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.5688] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.5688] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.5688] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.5688] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.5688] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.5688] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.5688] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.5688] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.5688] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.5688] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [960:4752] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [960.4752] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [960.4752] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [960.4752] ZwEnumerateKey SSDT 866CBF9E svchost.exe [960.4752] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [960.4752] ZwOpenKey SSDT 866CBAF5 svchost.exe [960.4752] ZwOpenProcess SSDT 866CBB7D svchost.exe [960.4752] ZwOpenThread SSDT 866CC432 svchost.exe [960.4752] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [960.4752] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [960.4752] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [960.4752] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [960.4752] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [960.4752] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [960.4752] ZwSetContextThread SSDT 866CC0DB svchost.exe [960.4752] ZwSetValueKey SSDT 866C9D8D svchost.exe [960.4752] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [960.4752] ZwSuspendThread SSDT 866CBC62 svchost.exe [960.4752] ZwTerminateThread SSDT 866CC3BC svchost.exe [960.4752] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1080:1084] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1080.1084] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1080.1084] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1080.1084] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1080.1084] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1080.1084] ZwOpenKey SSDT 866CBAF5 svchost.exe [1080.1084] ZwOpenProcess SSDT 866CBB7D svchost.exe [1080.1084] ZwOpenThread SSDT 866CC432 svchost.exe [1080.1084] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1080.1084] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1080.1084] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1080.1084] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1080.1084] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1080.1084] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1080.1084] ZwSetContextThread SSDT 866CC0DB svchost.exe [1080.1084] ZwSetValueKey SSDT 866C9D8D svchost.exe [1080.1084] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1080.1084] ZwSuspendThread SSDT 866CBC62 svchost.exe [1080.1084] ZwTerminateThread SSDT 866CC3BC svchost.exe [1080.1084] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1080:1088] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1080.1088] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1080.1088] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1080.1088] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1080.1088] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1080.1088] ZwOpenKey SSDT 866CBAF5 svchost.exe [1080.1088] ZwOpenProcess SSDT 866CBB7D svchost.exe [1080.1088] ZwOpenThread SSDT 866CC432 svchost.exe [1080.1088] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1080.1088] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1080.1088] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1080.1088] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1080.1088] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1080.1088] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1080.1088] ZwSetContextThread SSDT 866CC0DB svchost.exe [1080.1088] ZwSetValueKey SSDT 866C9D8D svchost.exe [1080.1088] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1080.1088] ZwSuspendThread SSDT 866CBC62 svchost.exe [1080.1088] ZwTerminateThread SSDT 866CC3BC svchost.exe [1080.1088] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1080:1092] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1080.1092] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1080.1092] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1080.1092] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1080.1092] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1080.1092] ZwOpenKey SSDT 866CBAF5 svchost.exe [1080.1092] ZwOpenProcess SSDT 866CBB7D svchost.exe [1080.1092] ZwOpenThread SSDT 866CC432 svchost.exe [1080.1092] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1080.1092] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1080.1092] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1080.1092] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1080.1092] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1080.1092] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1080.1092] ZwSetContextThread SSDT 866CC0DB svchost.exe [1080.1092] ZwSetValueKey SSDT 866C9D8D svchost.exe [1080.1092] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1080.1092] ZwSuspendThread SSDT 866CBC62 svchost.exe [1080.1092] ZwTerminateThread SSDT 866CC3BC svchost.exe [1080.1092] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1080:1096] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1080.1096] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1080.1096] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1080.1096] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1080.1096] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1080.1096] ZwOpenKey SSDT 866CBAF5 svchost.exe [1080.1096] ZwOpenProcess SSDT 866CBB7D svchost.exe [1080.1096] ZwOpenThread SSDT 866CC432 svchost.exe [1080.1096] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1080.1096] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1080.1096] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1080.1096] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1080.1096] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1080.1096] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1080.1096] ZwSetContextThread SSDT 866CC0DB svchost.exe [1080.1096] ZwSetValueKey SSDT 866C9D8D svchost.exe [1080.1096] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1080.1096] ZwSuspendThread SSDT 866CBC62 svchost.exe [1080.1096] ZwTerminateThread SSDT 866CC3BC svchost.exe [1080.1096] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1080:1100] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1080.1100] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1080.1100] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1080.1100] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1080.1100] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1080.1100] ZwOpenKey SSDT 866CBAF5 svchost.exe [1080.1100] ZwOpenProcess SSDT 866CBB7D svchost.exe [1080.1100] ZwOpenThread SSDT 866CC432 svchost.exe [1080.1100] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1080.1100] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1080.1100] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1080.1100] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1080.1100] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1080.1100] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1080.1100] ZwSetContextThread SSDT 866CC0DB svchost.exe [1080.1100] ZwSetValueKey SSDT 866C9D8D svchost.exe [1080.1100] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1080.1100] ZwSuspendThread SSDT 866CBC62 svchost.exe [1080.1100] ZwTerminateThread SSDT 866CC3BC svchost.exe [1080.1100] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1080:1112] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1080.1112] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1080.1112] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1080.1112] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1080.1112] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1080.1112] ZwOpenKey SSDT 866CBAF5 svchost.exe [1080.1112] ZwOpenProcess SSDT 866CBB7D svchost.exe [1080.1112] ZwOpenThread SSDT 866CC432 svchost.exe [1080.1112] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1080.1112] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1080.1112] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1080.1112] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1080.1112] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1080.1112] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1080.1112] ZwSetContextThread SSDT 866CC0DB svchost.exe [1080.1112] ZwSetValueKey SSDT 866C9D8D svchost.exe [1080.1112] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1080.1112] ZwSuspendThread SSDT 866CBC62 svchost.exe [1080.1112] ZwTerminateThread SSDT 866CC3BC svchost.exe [1080.1112] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1080:828] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1080.828] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1080.828] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1080.828] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1080.828] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1080.828] ZwOpenKey SSDT 866CBAF5 svchost.exe [1080.828] ZwOpenProcess SSDT 866CBB7D svchost.exe [1080.828] ZwOpenThread SSDT 866CC432 svchost.exe [1080.828] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1080.828] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1080.828] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1080.828] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1080.828] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1080.828] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1080.828] ZwSetContextThread SSDT 866CC0DB svchost.exe [1080.828] ZwSetValueKey SSDT 866C9D8D svchost.exe [1080.828] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1080.828] ZwSuspendThread SSDT 866CBC62 svchost.exe [1080.828] ZwTerminateThread SSDT 866CC3BC svchost.exe [1080.828] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1080:7248] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1080.7248] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1080.7248] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1080.7248] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1080.7248] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1080.7248] ZwOpenKey SSDT 866CBAF5 svchost.exe [1080.7248] ZwOpenProcess SSDT 866CBB7D svchost.exe [1080.7248] ZwOpenThread SSDT 866CC432 svchost.exe [1080.7248] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1080.7248] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1080.7248] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1080.7248] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1080.7248] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1080.7248] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1080.7248] ZwSetContextThread SSDT 866CC0DB svchost.exe [1080.7248] ZwSetValueKey SSDT 866C9D8D svchost.exe [1080.7248] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1080.7248] ZwSuspendThread SSDT 866CBC62 svchost.exe [1080.7248] ZwTerminateThread SSDT 866CC3BC svchost.exe [1080.7248] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1180] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1180] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1180] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1180] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1180] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1180] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1180] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1180] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1180] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1180] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1180] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1180] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1180] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1180] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1180] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1180] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1180] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1180] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1180] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1180] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1196] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1196] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1196] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1196] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1196] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1196] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1196] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1196] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1196] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1196] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1196] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1196] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1196] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1196] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1196] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1196] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1196] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1196] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1196] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1196] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1200] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1200] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1200] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1200] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1200] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1200] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1200] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1200] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1200] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1200] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1200] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1200] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1200] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1200] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1200] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1200] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1200] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1200] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1200] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1200] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1204] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1204] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1204] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1204] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1204] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1204] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1204] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1204] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1204] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1204] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1204] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1204] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1204] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1204] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1204] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1204] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1204] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1204] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1204] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1204] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1216] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1216] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1216] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1216] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1216] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1216] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1216] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1216] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1216] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1216] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1216] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1216] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1216] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1216] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1216] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1216] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1216] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1216] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1216] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1216] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1588] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1588] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1588] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1588] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1588] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1588] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1588] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1588] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1588] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1588] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1588] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1588] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1588] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1588] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1588] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1588] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1588] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1588] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1588] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1588] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1640] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1640] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1640] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1640] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1640] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1640] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1640] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1640] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1640] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1640] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1640] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1640] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1640] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1640] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1640] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1640] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1640] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1640] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1640] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1640] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1868] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1868] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1868] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1868] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1868] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1868] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1868] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1868] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1868] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1868] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1868] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1868] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1868] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1868] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1868] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1868] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1868] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1868] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1868] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1868] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1872] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1872] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1872] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1872] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1872] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1872] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1872] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1872] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1872] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1872] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1872] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1872] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1872] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1872] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1872] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1872] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1872] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1872] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1872] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1872] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1900] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1900] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1900] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1900] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1900] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1900] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1900] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1900] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1900] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1900] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1900] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1900] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1900] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1900] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1900] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1900] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1900] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1900] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1900] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1900] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1904] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1904] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1904] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1904] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1904] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1904] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1904] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1904] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1904] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1904] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1904] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1904] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1904] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1904] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1904] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1904] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1904] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1904] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1904] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1904] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1944] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1944] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1944] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1944] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1944] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1944] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1944] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1944] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1944] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1944] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1944] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1944] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1944] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1944] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1944] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1944] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1944] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1944] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1944] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1944] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1964] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1964] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1964] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1964] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1964] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1964] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1964] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1964] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1964] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1964] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1964] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1964] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1964] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1964] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1964] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1964] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1964] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1964] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1964] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1964] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1972] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1972] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1972] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1972] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1972] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1972] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1972] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1972] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1972] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1972] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1972] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1972] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1972] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1972] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1972] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1972] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1972] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1972] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1972] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1972] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1976] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1976] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1976] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1976] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1976] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1976] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1976] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1976] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1976] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1976] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1976] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1976] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1976] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1976] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1976] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1976] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1976] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1976] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1976] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1976] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1980] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1980] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1980] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1980] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1980] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1980] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1980] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1980] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1980] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1980] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1980] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1980] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1980] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1980] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1980] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1980] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1980] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1980] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1980] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1980] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1984] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1984] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1984] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1984] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1984] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1984] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1984] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1984] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1984] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1984] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1984] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1984] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1984] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1984] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1984] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1984] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1984] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1984] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1984] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1984] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2000] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2000] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2000] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2000] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2000] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2000] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2000] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2000] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2000] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2000] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2000] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2000] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2000] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2000] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2000] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2000] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2000] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2000] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2000] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2000] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2004] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2004] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2004] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2004] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2004] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2004] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2004] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2004] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2004] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2004] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2004] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2004] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2004] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2004] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2004] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2004] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2004] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2004] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2004] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2004] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1152] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1152] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1152] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1152] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1152] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1152] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1152] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1152] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1152] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1152] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1152] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1152] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1152] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1152] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1152] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1152] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1152] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1152] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1152] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1152] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1372] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1372] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1372] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1372] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1372] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1372] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1372] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1372] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1372] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1372] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1372] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1372] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1372] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1372] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1372] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1372] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1372] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1372] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1372] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1372] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1392] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1392] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1392] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1392] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1392] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1392] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1392] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1392] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1392] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1392] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1392] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1392] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1392] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1392] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1392] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1392] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1392] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1392] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1392] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1392] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1424] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1424] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1424] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1424] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1424] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1424] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1424] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1424] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1424] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1424] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1424] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1424] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1424] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1424] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1424] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1424] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1424] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1424] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1424] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1424] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1440] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1440] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1440] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1440] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1440] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1440] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1440] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1440] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1440] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1440] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1440] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1440] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1440] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1440] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1440] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1440] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1440] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1440] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1440] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1440] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1428] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1428] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1428] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1428] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1428] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1428] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1428] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1428] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1428] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1428] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1428] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1428] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1428] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1428] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1428] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1428] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1428] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1428] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1428] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1428] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1460] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1460] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1460] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1460] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1460] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1460] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1460] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1460] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1460] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1460] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1460] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1460] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1460] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1460] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1460] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1460] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1460] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1460] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1460] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1460] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1468] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1468] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1468] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1468] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1468] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1468] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1468] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1468] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1468] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1468] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1468] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1468] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1468] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1468] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1468] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1468] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1468] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1468] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1468] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1468] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1736] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1736] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1736] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1736] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1736] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1736] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1736] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1736] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1736] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1736] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1736] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1736] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1736] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1736] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1736] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1736] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1736] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1736] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1736] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1736] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1364] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1364] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1364] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1364] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1364] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1364] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1364] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1364] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1364] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1364] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1364] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1364] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1364] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1364] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1364] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1364] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1364] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1364] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1364] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1364] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1332] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1332] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1332] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1332] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1332] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1332] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1332] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1332] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1332] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1332] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1332] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1332] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1332] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1332] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1332] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1332] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1332] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1332] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1332] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1332] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1228] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1228] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1228] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1228] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1228] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1228] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1228] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1228] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1228] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1228] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1228] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1228] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1228] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1228] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1228] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1228] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1228] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1228] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1228] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1228] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1672] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1672] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1672] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1672] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1672] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1672] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1672] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1672] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1672] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1672] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1672] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1672] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1672] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1672] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1672] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1672] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1672] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1672] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1672] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1672] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:364] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.364] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.364] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.364] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.364] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.364] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.364] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.364] ZwOpenThread SSDT 866CC432 svchost.exe [1176.364] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.364] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.364] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.364] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.364] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.364] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.364] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.364] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.364] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.364] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.364] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.364] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:576] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.576] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.576] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.576] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.576] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.576] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.576] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.576] ZwOpenThread SSDT 866CC432 svchost.exe [1176.576] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.576] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.576] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.576] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.576] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.576] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.576] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.576] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.576] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.576] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.576] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.576] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:584] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.584] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.584] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.584] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.584] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.584] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.584] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.584] ZwOpenThread SSDT 866CC432 svchost.exe [1176.584] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.584] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.584] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.584] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.584] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.584] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.584] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.584] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.584] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.584] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.584] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.584] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:588] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.588] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.588] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.588] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.588] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.588] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.588] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.588] ZwOpenThread SSDT 866CC432 svchost.exe [1176.588] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.588] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.588] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.588] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.588] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.588] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.588] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.588] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.588] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.588] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.588] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.588] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:136] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.136] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.136] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.136] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.136] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.136] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.136] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.136] ZwOpenThread SSDT 866CC432 svchost.exe [1176.136] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.136] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.136] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.136] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.136] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.136] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.136] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.136] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.136] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.136] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.136] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.136] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:596] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.596] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.596] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.596] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.596] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.596] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.596] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.596] ZwOpenThread SSDT 866CC432 svchost.exe [1176.596] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.596] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.596] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.596] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.596] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.596] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.596] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.596] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.596] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.596] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.596] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.596] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1004] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1004] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1004] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1004] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1004] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1004] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1004] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1004] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1004] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1004] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1004] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1004] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1004] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1004] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1004] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1004] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1004] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1004] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1004] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1004] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1240] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1240] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1240] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1240] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1240] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1240] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1240] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1240] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1240] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1240] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1240] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1240] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1240] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1240] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1240] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1240] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1240] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1240] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1240] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1240] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1136] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1136] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1136] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1136] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1136] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1136] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1136] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1136] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1136] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1136] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1136] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1136] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1136] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1136] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1136] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1136] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1136] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1136] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1136] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1136] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:664] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.664] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.664] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.664] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.664] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.664] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.664] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.664] ZwOpenThread SSDT 866CC432 svchost.exe [1176.664] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.664] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.664] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.664] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.664] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.664] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.664] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.664] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.664] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.664] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.664] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.664] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1220] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1220] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1220] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1220] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1220] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1220] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1220] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1220] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1220] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1220] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1220] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1220] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1220] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1220] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1220] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1220] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1220] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1220] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1220] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1220] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1296] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1296] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1296] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1296] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1296] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1296] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1296] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1296] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1296] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1296] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1296] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1296] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1296] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1296] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1296] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1296] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1296] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1296] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1296] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1296] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1304] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1304] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1304] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1304] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1304] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1304] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1304] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1304] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1304] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1304] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1304] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1304] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1304] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1304] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1304] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1304] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1304] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1304] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1304] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1304] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1320] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1320] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1320] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1320] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1320] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1320] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1320] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1320] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1320] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1320] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1320] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1320] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1320] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1320] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1320] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1320] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1320] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1320] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1320] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1320] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1544] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1544] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1544] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1544] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1544] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1544] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1544] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1544] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1544] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1544] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1544] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1544] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1544] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1544] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1544] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1544] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1544] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1544] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1544] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1544] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1632] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1632] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1632] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1632] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1632] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1632] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1632] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1632] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1632] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1632] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1632] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1632] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1632] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1632] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1632] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1632] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1632] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1632] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1632] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1632] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1716] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1716] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1716] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1716] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1716] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1716] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1716] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1716] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1716] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1716] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1716] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1716] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1716] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1716] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1716] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1716] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1716] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1716] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1716] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1716] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1752] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1752] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1752] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1752] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1752] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1752] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1752] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1752] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1752] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1752] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1752] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1752] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1752] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1752] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1752] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1752] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1752] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1752] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1752] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1752] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1852] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1852] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1852] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1852] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1852] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1852] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1852] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1852] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1852] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1852] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1852] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1852] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1852] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1852] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1852] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1852] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1852] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1852] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1852] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1852] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1408] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1408] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1408] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1408] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1408] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1408] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1408] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1408] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1408] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1408] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1408] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1408] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1408] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1408] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1408] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1408] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1408] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1408] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1408] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1408] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1880] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1880] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1880] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1880] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1880] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1880] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1880] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1880] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1880] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1880] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1880] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1880] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1880] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1880] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1880] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1880] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1880] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1880] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1880] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1880] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2096] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2096] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2096] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2096] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2096] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2096] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2096] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2096] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2096] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2096] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2096] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2096] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2096] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2096] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2096] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2096] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2096] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2096] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2096] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2096] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2100] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2100] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2100] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2100] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2100] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2100] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2100] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2100] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2100] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2100] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2100] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2100] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2100] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2100] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2100] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2100] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2100] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2100] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2100] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2100] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2104] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2104] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2104] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2104] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2104] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2104] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2104] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2104] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2104] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2104] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2104] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2104] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2104] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2104] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2104] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2104] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2104] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2104] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2104] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2104] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2312] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2312] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2312] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2312] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2312] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2312] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2312] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2312] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2312] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2312] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2312] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2312] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2312] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2312] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2312] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2312] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2312] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2312] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2312] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2312] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2472] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2472] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2472] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2472] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2472] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2472] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2472] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2472] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2472] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2472] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2472] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2472] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2472] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2472] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2472] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2472] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2472] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2472] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2472] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2472] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2844] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2844] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2844] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2844] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2844] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2844] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2844] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2844] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2844] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2844] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2844] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2844] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2844] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2844] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2844] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2844] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2844] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2844] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2844] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2844] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:3248] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.3248] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.3248] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.3248] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.3248] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.3248] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.3248] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.3248] ZwOpenThread SSDT 866CC432 svchost.exe [1176.3248] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.3248] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.3248] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.3248] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.3248] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.3248] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.3248] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.3248] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.3248] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.3248] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.3248] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.3248] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2812] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2812] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2812] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2812] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2812] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2812] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2812] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2812] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2812] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2812] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2812] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2812] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2812] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2812] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2812] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2812] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2812] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2812] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2812] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2812] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2324] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2324] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2324] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2324] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2324] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2324] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2324] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2324] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2324] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2324] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2324] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2324] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2324] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2324] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2324] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2324] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2324] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2324] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2324] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2324] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2792] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2792] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2792] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2792] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2792] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2792] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2792] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2792] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2792] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2792] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2792] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2792] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2792] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2792] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2792] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2792] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2792] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2792] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2792] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2792] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1292] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1292] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1292] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1292] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1292] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1292] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1292] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1292] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1292] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1292] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1292] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1292] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1292] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1292] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1292] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1292] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1292] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1292] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1292] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1292] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2468] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2468] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2468] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2468] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2468] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2468] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2468] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2468] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2468] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2468] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2468] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2468] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2468] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2468] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2468] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2468] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2468] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2468] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2468] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2468] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2548] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2548] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2548] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2548] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2548] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2548] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2548] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2548] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2548] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2548] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2548] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2548] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2548] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2548] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2548] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2548] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2548] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2548] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2548] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2548] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2988] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2988] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2988] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2988] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2988] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2988] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2988] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2988] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2988] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2988] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2988] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2988] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2988] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2988] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2988] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2988] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2988] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2988] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2988] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2988] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:3868] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.3868] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.3868] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.3868] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.3868] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.3868] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.3868] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.3868] ZwOpenThread SSDT 866CC432 svchost.exe [1176.3868] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.3868] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.3868] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.3868] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.3868] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.3868] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.3868] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.3868] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.3868] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.3868] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.3868] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.3868] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:1784] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.1784] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.1784] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.1784] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.1784] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.1784] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.1784] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.1784] ZwOpenThread SSDT 866CC432 svchost.exe [1176.1784] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.1784] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.1784] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.1784] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.1784] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.1784] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.1784] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.1784] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.1784] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.1784] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.1784] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.1784] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:5804] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.5804] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.5804] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.5804] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.5804] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.5804] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.5804] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.5804] ZwOpenThread SSDT 866CC432 svchost.exe [1176.5804] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.5804] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.5804] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.5804] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.5804] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.5804] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.5804] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.5804] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.5804] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.5804] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.5804] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.5804] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:5956] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.5956] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.5956] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.5956] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.5956] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.5956] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.5956] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.5956] ZwOpenThread SSDT 866CC432 svchost.exe [1176.5956] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.5956] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.5956] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.5956] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.5956] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.5956] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.5956] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.5956] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.5956] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.5956] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.5956] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.5956] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:7236] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.7236] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.7236] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.7236] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.7236] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.7236] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.7236] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.7236] ZwOpenThread SSDT 866CC432 svchost.exe [1176.7236] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.7236] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.7236] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.7236] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.7236] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.7236] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.7236] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.7236] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.7236] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.7236] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.7236] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.7236] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:2452] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.2452] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.2452] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.2452] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.2452] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.2452] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.2452] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.2452] ZwOpenThread SSDT 866CC432 svchost.exe [1176.2452] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.2452] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.2452] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.2452] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.2452] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.2452] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.2452] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.2452] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.2452] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.2452] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.2452] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.2452] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1176:5784] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1176.5784] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1176.5784] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1176.5784] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1176.5784] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1176.5784] ZwOpenKey SSDT 866CBAF5 svchost.exe [1176.5784] ZwOpenProcess SSDT 866CBB7D svchost.exe [1176.5784] ZwOpenThread SSDT 866CC432 svchost.exe [1176.5784] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1176.5784] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1176.5784] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1176.5784] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1176.5784] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1176.5784] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1176.5784] ZwSetContextThread SSDT 866CC0DB svchost.exe [1176.5784] ZwSetValueKey SSDT 866C9D8D svchost.exe [1176.5784] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1176.5784] ZwSuspendThread SSDT 866CBC62 svchost.exe [1176.5784] ZwTerminateThread SSDT 866CC3BC svchost.exe [1176.5784] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1184:1208] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1184.1208] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1184.1208] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1184.1208] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1184.1208] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1184.1208] ZwOpenKey SSDT 866CBAF5 svchost.exe [1184.1208] ZwOpenProcess SSDT 866CBB7D svchost.exe [1184.1208] ZwOpenThread SSDT 866CC432 svchost.exe [1184.1208] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1184.1208] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1184.1208] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1184.1208] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1184.1208] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1184.1208] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1184.1208] ZwSetContextThread SSDT 866CC0DB svchost.exe [1184.1208] ZwSetValueKey SSDT 866C9D8D svchost.exe [1184.1208] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1184.1208] ZwSuspendThread SSDT 866CBC62 svchost.exe [1184.1208] ZwTerminateThread SSDT 866CC3BC svchost.exe [1184.1208] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1184:1264] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1184.1264] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1184.1264] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1184.1264] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1184.1264] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1184.1264] ZwOpenKey SSDT 866CBAF5 svchost.exe [1184.1264] ZwOpenProcess SSDT 866CBB7D svchost.exe [1184.1264] ZwOpenThread SSDT 866CC432 svchost.exe [1184.1264] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1184.1264] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1184.1264] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1184.1264] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1184.1264] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1184.1264] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1184.1264] ZwSetContextThread SSDT 866CC0DB svchost.exe [1184.1264] ZwSetValueKey SSDT 866C9D8D svchost.exe [1184.1264] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1184.1264] ZwSuspendThread SSDT 866CBC62 svchost.exe [1184.1264] ZwTerminateThread SSDT 866CC3BC svchost.exe [1184.1264] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1184:1280] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1184.1280] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1184.1280] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1184.1280] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1184.1280] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1184.1280] ZwOpenKey SSDT 866CBAF5 svchost.exe [1184.1280] ZwOpenProcess SSDT 866CBB7D svchost.exe [1184.1280] ZwOpenThread SSDT 866CC432 svchost.exe [1184.1280] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1184.1280] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1184.1280] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1184.1280] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1184.1280] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1184.1280] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1184.1280] ZwSetContextThread SSDT 866CC0DB svchost.exe [1184.1280] ZwSetValueKey SSDT 866C9D8D svchost.exe [1184.1280] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1184.1280] ZwSuspendThread SSDT 866CBC62 svchost.exe [1184.1280] ZwTerminateThread SSDT 866CC3BC svchost.exe [1184.1280] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1184:1236] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1184.1236] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1184.1236] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1184.1236] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1184.1236] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1184.1236] ZwOpenKey SSDT 866CBAF5 svchost.exe [1184.1236] ZwOpenProcess SSDT 866CBB7D svchost.exe [1184.1236] ZwOpenThread SSDT 866CC432 svchost.exe [1184.1236] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1184.1236] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1184.1236] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1184.1236] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1184.1236] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1184.1236] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1184.1236] ZwSetContextThread SSDT 866CC0DB svchost.exe [1184.1236] ZwSetValueKey SSDT 866C9D8D svchost.exe [1184.1236] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1184.1236] ZwSuspendThread SSDT 866CBC62 svchost.exe [1184.1236] ZwTerminateThread SSDT 866CC3BC svchost.exe [1184.1236] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1340:1344] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1340.1344] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1340.1344] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1340.1344] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1340.1344] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1340.1344] ZwOpenKey SSDT 866CBAF5 svchost.exe [1340.1344] ZwOpenProcess SSDT 866CBB7D svchost.exe [1340.1344] ZwOpenThread SSDT 866CC432 svchost.exe [1340.1344] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1340.1344] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1340.1344] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1340.1344] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1340.1344] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1340.1344] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1340.1344] ZwSetContextThread SSDT 866CC0DB svchost.exe [1340.1344] ZwSetValueKey SSDT 866C9D8D svchost.exe [1340.1344] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1340.1344] ZwSuspendThread SSDT 866CBC62 svchost.exe [1340.1344] ZwTerminateThread SSDT 866CC3BC svchost.exe [1340.1344] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1340:1564] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1340.1564] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1340.1564] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1340.1564] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1340.1564] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1340.1564] ZwOpenKey SSDT 866CBAF5 svchost.exe [1340.1564] ZwOpenProcess SSDT 866CBB7D svchost.exe [1340.1564] ZwOpenThread SSDT 866CC432 svchost.exe [1340.1564] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1340.1564] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1340.1564] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1340.1564] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1340.1564] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1340.1564] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1340.1564] ZwSetContextThread SSDT 866CC0DB svchost.exe [1340.1564] ZwSetValueKey SSDT 866C9D8D svchost.exe [1340.1564] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1340.1564] ZwSuspendThread SSDT 866CBC62 svchost.exe [1340.1564] ZwTerminateThread SSDT 866CC3BC svchost.exe [1340.1564] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1340:1568] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1340.1568] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1340.1568] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1340.1568] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1340.1568] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1340.1568] ZwOpenKey SSDT 866CBAF5 svchost.exe [1340.1568] ZwOpenProcess SSDT 866CBB7D svchost.exe [1340.1568] ZwOpenThread SSDT 866CC432 svchost.exe [1340.1568] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1340.1568] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1340.1568] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1340.1568] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1340.1568] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1340.1568] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1340.1568] ZwSetContextThread SSDT 866CC0DB svchost.exe [1340.1568] ZwSetValueKey SSDT 866C9D8D svchost.exe [1340.1568] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1340.1568] ZwSuspendThread SSDT 866CBC62 svchost.exe [1340.1568] ZwTerminateThread SSDT 866CC3BC svchost.exe [1340.1568] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1340:1572] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1340.1572] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1340.1572] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1340.1572] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1340.1572] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1340.1572] ZwOpenKey SSDT 866CBAF5 svchost.exe [1340.1572] ZwOpenProcess SSDT 866CBB7D svchost.exe [1340.1572] ZwOpenThread SSDT 866CC432 svchost.exe [1340.1572] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1340.1572] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1340.1572] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1340.1572] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1340.1572] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1340.1572] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1340.1572] ZwSetContextThread SSDT 866CC0DB svchost.exe [1340.1572] ZwSetValueKey SSDT 866C9D8D svchost.exe [1340.1572] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1340.1572] ZwSuspendThread SSDT 866CBC62 svchost.exe [1340.1572] ZwTerminateThread SSDT 866CC3BC svchost.exe [1340.1572] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1340:1576] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1340.1576] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1340.1576] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1340.1576] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1340.1576] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1340.1576] ZwOpenKey SSDT 866CBAF5 svchost.exe [1340.1576] ZwOpenProcess SSDT 866CBB7D svchost.exe [1340.1576] ZwOpenThread SSDT 866CC432 svchost.exe [1340.1576] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1340.1576] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1340.1576] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1340.1576] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1340.1576] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1340.1576] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1340.1576] ZwSetContextThread SSDT 866CC0DB svchost.exe [1340.1576] ZwSetValueKey SSDT 866C9D8D svchost.exe [1340.1576] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1340.1576] ZwSuspendThread SSDT 866CBC62 svchost.exe [1340.1576] ZwTerminateThread SSDT 866CC3BC svchost.exe [1340.1576] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread LSSrvc.exe [1432:1416] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys LSSrvc.exe [1432.1416] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED LSSrvc.exe [1432.1416] ZwDeleteValueKey SSDT 866CBE85 LSSrvc.exe [1432.1416] ZwEnumerateKey SSDT 866CBF9E LSSrvc.exe [1432.1416] ZwEnumerateValueKey SSDT 866CBDBB LSSrvc.exe [1432.1416] ZwOpenKey SSDT 866CBAF5 LSSrvc.exe [1432.1416] ZwOpenProcess SSDT 866CBB7D LSSrvc.exe [1432.1416] ZwOpenThread SSDT 866CC432 LSSrvc.exe [1432.1416] ZwProtectVirtualMemory SSDT 866CC609 LSSrvc.exe [1432.1416] ZwQueryDirectoryFile SSDT sphj.sys LSSrvc.exe [1432.1416] ZwQueryKey [0xF740220A] SSDT 866CB9A2 LSSrvc.exe [1432.1416] ZwQuerySystemInformation SSDT sphj.sys LSSrvc.exe [1432.1416] ZwQueryValueKey [0xF740208A] SSDT 866CC346 LSSrvc.exe [1432.1416] ZwReadVirtualMemory SSDT 866CBD48 LSSrvc.exe [1432.1416] ZwSetContextThread SSDT 866CC0DB LSSrvc.exe [1432.1416] ZwSetValueKey SSDT 866C9D8D LSSrvc.exe [1432.1416] ZwShutdownSystem SSDT 866CBCD5 LSSrvc.exe [1432.1416] ZwSuspendThread SSDT 866CBC62 LSSrvc.exe [1432.1416] ZwTerminateThread SSDT 866CC3BC LSSrvc.exe [1432.1416] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread LSSrvc.exe [1432:1472] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys LSSrvc.exe [1432.1472] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED LSSrvc.exe [1432.1472] ZwDeleteValueKey SSDT 866CBE85 LSSrvc.exe [1432.1472] ZwEnumerateKey SSDT 866CBF9E LSSrvc.exe [1432.1472] ZwEnumerateValueKey SSDT 866CBDBB LSSrvc.exe [1432.1472] ZwOpenKey SSDT 866CBAF5 LSSrvc.exe [1432.1472] ZwOpenProcess SSDT 866CBB7D LSSrvc.exe [1432.1472] ZwOpenThread SSDT 866CC432 LSSrvc.exe [1432.1472] ZwProtectVirtualMemory SSDT 866CC609 LSSrvc.exe [1432.1472] ZwQueryDirectoryFile SSDT sphj.sys LSSrvc.exe [1432.1472] ZwQueryKey [0xF740220A] SSDT 866CB9A2 LSSrvc.exe [1432.1472] ZwQuerySystemInformation SSDT sphj.sys LSSrvc.exe [1432.1472] ZwQueryValueKey [0xF740208A] SSDT 866CC346 LSSrvc.exe [1432.1472] ZwReadVirtualMemory SSDT 866CBD48 LSSrvc.exe [1432.1472] ZwSetContextThread SSDT 866CC0DB LSSrvc.exe [1432.1472] ZwSetValueKey SSDT 866C9D8D LSSrvc.exe [1432.1472] ZwShutdownSystem SSDT 866CBCD5 LSSrvc.exe [1432.1472] ZwSuspendThread SSDT 866CBC62 LSSrvc.exe [1432.1472] ZwTerminateThread SSDT 866CC3BC LSSrvc.exe [1432.1472] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread ati2evxx.exe [1492:1496] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys ati2evxx.exe [1492.1496] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED ati2evxx.exe [1492.1496] ZwDeleteValueKey SSDT 866CBE85 ati2evxx.exe [1492.1496] ZwEnumerateKey SSDT 866CBF9E ati2evxx.exe [1492.1496] ZwEnumerateValueKey SSDT 866CBDBB ati2evxx.exe [1492.1496] ZwOpenKey SSDT 866CBAF5 ati2evxx.exe [1492.1496] ZwOpenProcess SSDT 866CBB7D ati2evxx.exe [1492.1496] ZwOpenThread SSDT 866CC432 ati2evxx.exe [1492.1496] ZwProtectVirtualMemory SSDT 866CC609 ati2evxx.exe [1492.1496] ZwQueryDirectoryFile SSDT sphj.sys ati2evxx.exe [1492.1496] ZwQueryKey [0xF740220A] SSDT 866CB9A2 ati2evxx.exe [1492.1496] ZwQuerySystemInformation SSDT sphj.sys ati2evxx.exe [1492.1496] ZwQueryValueKey [0xF740208A] SSDT 866CC346 ati2evxx.exe [1492.1496] ZwReadVirtualMemory SSDT 866CBD48 ati2evxx.exe [1492.1496] ZwSetContextThread SSDT 866CC0DB ati2evxx.exe [1492.1496] ZwSetValueKey SSDT 866C9D8D ati2evxx.exe [1492.1496] ZwShutdownSystem SSDT 866CBCD5 ati2evxx.exe [1492.1496] ZwSuspendThread SSDT 866CBC62 ati2evxx.exe [1492.1496] ZwTerminateThread SSDT 866CC3BC ati2evxx.exe [1492.1496] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread ati2evxx.exe [1492:1676] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys ati2evxx.exe [1492.1676] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED ati2evxx.exe [1492.1676] ZwDeleteValueKey SSDT 866CBE85 ati2evxx.exe [1492.1676] ZwEnumerateKey SSDT 866CBF9E ati2evxx.exe [1492.1676] ZwEnumerateValueKey SSDT 866CBDBB ati2evxx.exe [1492.1676] ZwOpenKey SSDT 866CBAF5 ati2evxx.exe [1492.1676] ZwOpenProcess SSDT 866CBB7D ati2evxx.exe [1492.1676] ZwOpenThread SSDT 866CC432 ati2evxx.exe [1492.1676] ZwProtectVirtualMemory SSDT 866CC609 ati2evxx.exe [1492.1676] ZwQueryDirectoryFile SSDT sphj.sys ati2evxx.exe [1492.1676] ZwQueryKey [0xF740220A] SSDT 866CB9A2 ati2evxx.exe [1492.1676] ZwQuerySystemInformation SSDT sphj.sys ati2evxx.exe [1492.1676] ZwQueryValueKey [0xF740208A] SSDT 866CC346 ati2evxx.exe [1492.1676] ZwReadVirtualMemory SSDT 866CBD48 ati2evxx.exe [1492.1676] ZwSetContextThread SSDT 866CC0DB ati2evxx.exe [1492.1676] ZwSetValueKey SSDT 866C9D8D ati2evxx.exe [1492.1676] ZwShutdownSystem SSDT 866CBCD5 ati2evxx.exe [1492.1676] ZwSuspendThread SSDT 866CBC62 ati2evxx.exe [1492.1676] ZwTerminateThread SSDT 866CC3BC ati2evxx.exe [1492.1676] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread ati2evxx.exe [1492:1680] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys ati2evxx.exe [1492.1680] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED ati2evxx.exe [1492.1680] ZwDeleteValueKey SSDT 866CBE85 ati2evxx.exe [1492.1680] ZwEnumerateKey SSDT 866CBF9E ati2evxx.exe [1492.1680] ZwEnumerateValueKey SSDT 866CBDBB ati2evxx.exe [1492.1680] ZwOpenKey SSDT 866CBAF5 ati2evxx.exe [1492.1680] ZwOpenProcess SSDT 866CBB7D ati2evxx.exe [1492.1680] ZwOpenThread SSDT 866CC432 ati2evxx.exe [1492.1680] ZwProtectVirtualMemory SSDT 866CC609 ati2evxx.exe [1492.1680] ZwQueryDirectoryFile SSDT sphj.sys ati2evxx.exe [1492.1680] ZwQueryKey [0xF740220A] SSDT 866CB9A2 ati2evxx.exe [1492.1680] ZwQuerySystemInformation SSDT sphj.sys ati2evxx.exe [1492.1680] ZwQueryValueKey [0xF740208A] SSDT 866CC346 ati2evxx.exe [1492.1680] ZwReadVirtualMemory SSDT 866CBD48 ati2evxx.exe [1492.1680] ZwSetContextThread SSDT 866CC0DB ati2evxx.exe [1492.1680] ZwSetValueKey SSDT 866C9D8D ati2evxx.exe [1492.1680] ZwShutdownSystem SSDT 866CBCD5 ati2evxx.exe [1492.1680] ZwSuspendThread SSDT 866CBC62 ati2evxx.exe [1492.1680] ZwTerminateThread SSDT 866CC3BC ati2evxx.exe [1492.1680] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread ati2evxx.exe [1492:316] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys ati2evxx.exe [1492.316] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED ati2evxx.exe [1492.316] ZwDeleteValueKey SSDT 866CBE85 ati2evxx.exe [1492.316] ZwEnumerateKey SSDT 866CBF9E ati2evxx.exe [1492.316] ZwEnumerateValueKey SSDT 866CBDBB ati2evxx.exe [1492.316] ZwOpenKey SSDT 866CBAF5 ati2evxx.exe [1492.316] ZwOpenProcess SSDT 866CBB7D ati2evxx.exe [1492.316] ZwOpenThread SSDT 866CC432 ati2evxx.exe [1492.316] ZwProtectVirtualMemory SSDT 866CC609 ati2evxx.exe [1492.316] ZwQueryDirectoryFile SSDT sphj.sys ati2evxx.exe [1492.316] ZwQueryKey [0xF740220A] SSDT 866CB9A2 ati2evxx.exe [1492.316] ZwQuerySystemInformation SSDT sphj.sys ati2evxx.exe [1492.316] ZwQueryValueKey [0xF740208A] SSDT 866CC346 ati2evxx.exe [1492.316] ZwReadVirtualMemory SSDT 866CBD48 ati2evxx.exe [1492.316] ZwSetContextThread SSDT 866CC0DB ati2evxx.exe [1492.316] ZwSetValueKey SSDT 866C9D8D ati2evxx.exe [1492.316] ZwShutdownSystem SSDT 866CBCD5 ati2evxx.exe [1492.316] ZwSuspendThread SSDT 866CBC62 ati2evxx.exe [1492.316] ZwTerminateThread SSDT 866CC3BC ati2evxx.exe [1492.316] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1692:1696] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1692.1696] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1692.1696] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1692.1696] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1692.1696] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1692.1696] ZwOpenKey SSDT 866CBAF5 svchost.exe [1692.1696] ZwOpenProcess SSDT 866CBB7D svchost.exe [1692.1696] ZwOpenThread SSDT 866CC432 svchost.exe [1692.1696] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1692.1696] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1692.1696] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1692.1696] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1692.1696] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1692.1696] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1692.1696] ZwSetContextThread SSDT 866CC0DB svchost.exe [1692.1696] ZwSetValueKey SSDT 866C9D8D svchost.exe [1692.1696] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1692.1696] ZwSuspendThread SSDT 866CBC62 svchost.exe [1692.1696] ZwTerminateThread SSDT 866CC3BC svchost.exe [1692.1696] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1692:1776] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1692.1776] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1692.1776] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1692.1776] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1692.1776] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1692.1776] ZwOpenKey SSDT 866CBAF5 svchost.exe [1692.1776] ZwOpenProcess SSDT 866CBB7D svchost.exe [1692.1776] ZwOpenThread SSDT 866CC432 svchost.exe [1692.1776] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1692.1776] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1692.1776] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1692.1776] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1692.1776] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1692.1776] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1692.1776] ZwSetContextThread SSDT 866CC0DB svchost.exe [1692.1776] ZwSetValueKey SSDT 866C9D8D svchost.exe [1692.1776] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1692.1776] ZwSuspendThread SSDT 866CBC62 svchost.exe [1692.1776] ZwTerminateThread SSDT 866CC3BC svchost.exe [1692.1776] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1692:1780] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1692.1780] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1692.1780] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1692.1780] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1692.1780] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1692.1780] ZwOpenKey SSDT 866CBAF5 svchost.exe [1692.1780] ZwOpenProcess SSDT 866CBB7D svchost.exe [1692.1780] ZwOpenThread SSDT 866CC432 svchost.exe [1692.1780] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1692.1780] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1692.1780] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1692.1780] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1692.1780] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1692.1780] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1692.1780] ZwSetContextThread SSDT 866CC0DB svchost.exe [1692.1780] ZwSetValueKey SSDT 866C9D8D svchost.exe [1692.1780] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1692.1780] ZwSuspendThread SSDT 866CBC62 svchost.exe [1692.1780] ZwTerminateThread SSDT 866CC3BC svchost.exe [1692.1780] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1692:6672] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1692.6672] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1692.6672] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1692.6672] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1692.6672] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1692.6672] ZwOpenKey SSDT 866CBAF5 svchost.exe [1692.6672] ZwOpenProcess SSDT 866CBB7D svchost.exe [1692.6672] ZwOpenThread SSDT 866CC432 svchost.exe [1692.6672] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1692.6672] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1692.6672] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1692.6672] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1692.6672] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1692.6672] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1692.6672] ZwSetContextThread SSDT 866CC0DB svchost.exe [1692.6672] ZwSetValueKey SSDT 866C9D8D svchost.exe [1692.6672] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1692.6672] ZwSuspendThread SSDT 866CBC62 svchost.exe [1692.6672] ZwTerminateThread SSDT 866CC3BC svchost.exe [1692.6672] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1692:820] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1692.820] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1692.820] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1692.820] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1692.820] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1692.820] ZwOpenKey SSDT 866CBAF5 svchost.exe [1692.820] ZwOpenProcess SSDT 866CBB7D svchost.exe [1692.820] ZwOpenThread SSDT 866CC432 svchost.exe [1692.820] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1692.820] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1692.820] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1692.820] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1692.820] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1692.820] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1692.820] ZwSetContextThread SSDT 866CC0DB svchost.exe [1692.820] ZwSetValueKey SSDT 866C9D8D svchost.exe [1692.820] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1692.820] ZwSuspendThread SSDT 866CBC62 svchost.exe [1692.820] ZwTerminateThread SSDT 866CC3BC svchost.exe [1692.820] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1700:1704] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1700.1704] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1700.1704] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1700.1704] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1700.1704] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1700.1704] ZwOpenKey SSDT 866CBAF5 svchost.exe [1700.1704] ZwOpenProcess SSDT 866CBB7D svchost.exe [1700.1704] ZwOpenThread SSDT 866CC432 svchost.exe [1700.1704] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1700.1704] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1700.1704] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1700.1704] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1700.1704] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1700.1704] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1700.1704] ZwSetContextThread SSDT 866CC0DB svchost.exe [1700.1704] ZwSetValueKey SSDT 866C9D8D svchost.exe [1700.1704] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1700.1704] ZwSuspendThread SSDT 866CBC62 svchost.exe [1700.1704] ZwTerminateThread SSDT 866CC3BC svchost.exe [1700.1704] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1700:1960] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1700.1960] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1700.1960] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1700.1960] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1700.1960] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1700.1960] ZwOpenKey SSDT 866CBAF5 svchost.exe [1700.1960] ZwOpenProcess SSDT 866CBB7D svchost.exe [1700.1960] ZwOpenThread SSDT 866CC432 svchost.exe [1700.1960] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1700.1960] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1700.1960] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1700.1960] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1700.1960] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1700.1960] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1700.1960] ZwSetContextThread SSDT 866CC0DB svchost.exe [1700.1960] ZwSetValueKey SSDT 866C9D8D svchost.exe [1700.1960] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1700.1960] ZwSuspendThread SSDT 866CBC62 svchost.exe [1700.1960] ZwTerminateThread SSDT 866CC3BC svchost.exe [1700.1960] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1700:308] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1700.308] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1700.308] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1700.308] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1700.308] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1700.308] ZwOpenKey SSDT 866CBAF5 svchost.exe [1700.308] ZwOpenProcess SSDT 866CBB7D svchost.exe [1700.308] ZwOpenThread SSDT 866CC432 svchost.exe [1700.308] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1700.308] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1700.308] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1700.308] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1700.308] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1700.308] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1700.308] ZwSetContextThread SSDT 866CC0DB svchost.exe [1700.308] ZwSetValueKey SSDT 866C9D8D svchost.exe [1700.308] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1700.308] ZwSuspendThread SSDT 866CBC62 svchost.exe [1700.308] ZwTerminateThread SSDT 866CC3BC svchost.exe [1700.308] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1700:3520] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1700.3520] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1700.3520] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1700.3520] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1700.3520] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1700.3520] ZwOpenKey SSDT 866CBAF5 svchost.exe [1700.3520] ZwOpenProcess SSDT 866CBB7D svchost.exe [1700.3520] ZwOpenThread SSDT 866CC432 svchost.exe [1700.3520] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1700.3520] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1700.3520] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1700.3520] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1700.3520] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1700.3520] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1700.3520] ZwSetContextThread SSDT 866CC0DB svchost.exe [1700.3520] ZwSetValueKey SSDT 866C9D8D svchost.exe [1700.3520] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1700.3520] ZwSuspendThread SSDT 866CBC62 svchost.exe [1700.3520] ZwTerminateThread SSDT 866CC3BC svchost.exe [1700.3520] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1700:3584] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1700.3584] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1700.3584] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1700.3584] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1700.3584] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1700.3584] ZwOpenKey SSDT 866CBAF5 svchost.exe [1700.3584] ZwOpenProcess SSDT 866CBB7D svchost.exe [1700.3584] ZwOpenThread SSDT 866CC432 svchost.exe [1700.3584] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1700.3584] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1700.3584] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1700.3584] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1700.3584] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1700.3584] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1700.3584] ZwSetContextThread SSDT 866CC0DB svchost.exe [1700.3584] ZwSetValueKey SSDT 866C9D8D svchost.exe [1700.3584] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1700.3584] ZwSuspendThread SSDT 866CBC62 svchost.exe [1700.3584] ZwTerminateThread SSDT 866CC3BC svchost.exe [1700.3584] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:1792] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.1792] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.1792] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.1792] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.1792] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.1792] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.1792] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.1792] ZwOpenThread SSDT 866CC432 explorer.exe [1788.1792] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.1792] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.1792] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.1792] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.1792] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.1792] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.1792] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.1792] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.1792] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.1792] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.1792] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.1792] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:1940] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.1940] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.1940] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.1940] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.1940] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.1940] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.1940] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.1940] ZwOpenThread SSDT 866CC432 explorer.exe [1788.1940] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.1940] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.1940] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.1940] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.1940] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.1940] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.1940] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.1940] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.1940] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.1940] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.1940] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.1940] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:1948] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.1948] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.1948] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.1948] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.1948] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.1948] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.1948] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.1948] ZwOpenThread SSDT 866CC432 explorer.exe [1788.1948] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.1948] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.1948] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.1948] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.1948] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.1948] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.1948] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.1948] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.1948] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.1948] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.1948] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.1948] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:1956] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.1956] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.1956] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.1956] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.1956] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.1956] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.1956] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.1956] ZwOpenThread SSDT 866CC432 explorer.exe [1788.1956] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.1956] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.1956] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.1956] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.1956] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.1956] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.1956] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.1956] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.1956] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.1956] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.1956] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.1956] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:2040] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.2040] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.2040] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.2040] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.2040] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.2040] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.2040] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.2040] ZwOpenThread SSDT 866CC432 explorer.exe [1788.2040] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.2040] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.2040] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.2040] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.2040] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.2040] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.2040] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.2040] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.2040] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.2040] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.2040] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.2040] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:116] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.116] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.116] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.116] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.116] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.116] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.116] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.116] ZwOpenThread SSDT 866CC432 explorer.exe [1788.116] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.116] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.116] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.116] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.116] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.116] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.116] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.116] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.116] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.116] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.116] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.116] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:824] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.824] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.824] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.824] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.824] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.824] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.824] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.824] ZwOpenThread SSDT 866CC432 explorer.exe [1788.824] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.824] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.824] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.824] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.824] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.824] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.824] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.824] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.824] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.824] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.824] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.824] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:1116] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.1116] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.1116] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.1116] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.1116] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.1116] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.1116] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.1116] ZwOpenThread SSDT 866CC432 explorer.exe [1788.1116] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.1116] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.1116] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.1116] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.1116] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.1116] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.1116] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.1116] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.1116] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.1116] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.1116] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.1116] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:1120] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.1120] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.1120] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.1120] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.1120] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.1120] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.1120] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.1120] ZwOpenThread SSDT 866CC432 explorer.exe [1788.1120] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.1120] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.1120] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.1120] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.1120] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.1120] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.1120] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.1120] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.1120] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.1120] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.1120] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.1120] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:1124] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.1124] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.1124] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.1124] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.1124] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.1124] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.1124] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.1124] ZwOpenThread SSDT 866CC432 explorer.exe [1788.1124] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.1124] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.1124] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.1124] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.1124] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.1124] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.1124] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.1124] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.1124] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.1124] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.1124] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.1124] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:672] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.672] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.672] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.672] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.672] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.672] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.672] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.672] ZwOpenThread SSDT 866CC432 explorer.exe [1788.672] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.672] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.672] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.672] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.672] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.672] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.672] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.672] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.672] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.672] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.672] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.672] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:2612] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.2612] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.2612] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.2612] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.2612] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.2612] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.2612] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.2612] ZwOpenThread SSDT 866CC432 explorer.exe [1788.2612] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.2612] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.2612] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.2612] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.2612] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.2612] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.2612] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.2612] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.2612] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.2612] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.2612] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.2612] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:2288] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.2288] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.2288] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.2288] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.2288] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.2288] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.2288] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.2288] ZwOpenThread SSDT 866CC432 explorer.exe [1788.2288] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.2288] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.2288] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.2288] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.2288] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.2288] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.2288] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.2288] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.2288] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.2288] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.2288] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.2288] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:2992] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.2992] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.2992] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.2992] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.2992] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.2992] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.2992] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.2992] ZwOpenThread SSDT 866CC432 explorer.exe [1788.2992] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.2992] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.2992] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.2992] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.2992] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.2992] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.2992] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.2992] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.2992] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.2992] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.2992] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.2992] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:5316] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.5316] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.5316] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.5316] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.5316] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.5316] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.5316] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.5316] ZwOpenThread SSDT 866CC432 explorer.exe [1788.5316] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.5316] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.5316] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.5316] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.5316] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.5316] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.5316] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.5316] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.5316] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.5316] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.5316] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.5316] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1788:4792] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys explorer.exe [1788.4792] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED explorer.exe [1788.4792] ZwDeleteValueKey SSDT 866CBE85 explorer.exe [1788.4792] ZwEnumerateKey SSDT 866CBF9E explorer.exe [1788.4792] ZwEnumerateValueKey SSDT 866CBDBB explorer.exe [1788.4792] ZwOpenKey SSDT 866CBAF5 explorer.exe [1788.4792] ZwOpenProcess SSDT 866CBB7D explorer.exe [1788.4792] ZwOpenThread SSDT 866CC432 explorer.exe [1788.4792] ZwProtectVirtualMemory SSDT 866CC609 explorer.exe [1788.4792] ZwQueryDirectoryFile SSDT sphj.sys explorer.exe [1788.4792] ZwQueryKey [0xF740220A] SSDT 866CB9A2 explorer.exe [1788.4792] ZwQuerySystemInformation SSDT sphj.sys explorer.exe [1788.4792] ZwQueryValueKey [0xF740208A] SSDT 866CC346 explorer.exe [1788.4792] ZwReadVirtualMemory SSDT 866CBD48 explorer.exe [1788.4792] ZwSetContextThread SSDT 866CC0DB explorer.exe [1788.4792] ZwSetValueKey SSDT 866C9D8D explorer.exe [1788.4792] ZwShutdownSystem SSDT 866CBCD5 explorer.exe [1788.4792] ZwSuspendThread SSDT 866CBC62 explorer.exe [1788.4792] ZwTerminateThread SSDT 866CC3BC explorer.exe [1788.4792] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1796:1800] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys svchost.exe [1796.1800] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1796.1800] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1796.1800] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1796.1800] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1796.1800] ZwOpenKey SSDT 866CBAF5 svchost.exe [1796.1800] ZwOpenProcess SSDT 866CBB7D svchost.exe [1796.1800] ZwOpenThread SSDT 866CC432 svchost.exe [1796.1800] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1796.1800] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1796.1800] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1796.1800] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1796.1800] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1796.1800] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1796.1800] ZwSetContextThread SSDT 866CC0DB svchost.exe [1796.1800] ZwSetValueKey SSDT 866C9D8D svchost.exe [1796.1800] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1796.1800] ZwSuspendThread SSDT 866CBC62 svchost.exe [1796.1800] ZwTerminateThread SSDT 866CC3BC svchost.exe [1796.1800] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1796:1808] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1796.1808] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1796.1808] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1796.1808] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1796.1808] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1796.1808] ZwOpenKey SSDT 866CBAF5 svchost.exe [1796.1808] ZwOpenProcess SSDT 866CBB7D svchost.exe [1796.1808] ZwOpenThread SSDT 866CC432 svchost.exe [1796.1808] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1796.1808] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1796.1808] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1796.1808] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1796.1808] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1796.1808] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1796.1808] ZwSetContextThread SSDT 866CC0DB svchost.exe [1796.1808] ZwSetValueKey SSDT 866C9D8D svchost.exe [1796.1808] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1796.1808] ZwSuspendThread SSDT 866CBC62 svchost.exe [1796.1808] ZwTerminateThread SSDT 866CC3BC svchost.exe [1796.1808] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1796:1824] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1796.1824] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1796.1824] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1796.1824] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1796.1824] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1796.1824] ZwOpenKey SSDT 866CBAF5 svchost.exe [1796.1824] ZwOpenProcess SSDT 866CBB7D svchost.exe [1796.1824] ZwOpenThread SSDT 866CC432 svchost.exe [1796.1824] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1796.1824] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1796.1824] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1796.1824] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1796.1824] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1796.1824] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1796.1824] ZwSetContextThread SSDT 866CC0DB svchost.exe [1796.1824] ZwSetValueKey SSDT 866C9D8D svchost.exe [1796.1824] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1796.1824] ZwSuspendThread SSDT 866CBC62 svchost.exe [1796.1824] ZwTerminateThread SSDT 866CC3BC svchost.exe [1796.1824] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1796:1288] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1796.1288] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1796.1288] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1796.1288] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1796.1288] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1796.1288] ZwOpenKey SSDT 866CBAF5 svchost.exe [1796.1288] ZwOpenProcess SSDT 866CBB7D svchost.exe [1796.1288] ZwOpenThread SSDT 866CC432 svchost.exe [1796.1288] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1796.1288] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1796.1288] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1796.1288] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1796.1288] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1796.1288] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1796.1288] ZwSetContextThread SSDT 866CC0DB svchost.exe [1796.1288] ZwSetValueKey SSDT 866C9D8D svchost.exe [1796.1288] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1796.1288] ZwSuspendThread SSDT 866CBC62 svchost.exe [1796.1288] ZwTerminateThread SSDT 866CC3BC svchost.exe [1796.1288] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1796:1620] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1796.1620] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1796.1620] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1796.1620] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1796.1620] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1796.1620] ZwOpenKey SSDT 866CBAF5 svchost.exe [1796.1620] ZwOpenProcess SSDT 866CBB7D svchost.exe [1796.1620] ZwOpenThread SSDT 866CC432 svchost.exe [1796.1620] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1796.1620] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1796.1620] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1796.1620] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1796.1620] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1796.1620] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1796.1620] ZwSetContextThread SSDT 866CC0DB svchost.exe [1796.1620] ZwSetValueKey SSDT 866C9D8D svchost.exe [1796.1620] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1796.1620] ZwSuspendThread SSDT 866CBC62 svchost.exe [1796.1620] ZwTerminateThread SSDT 866CC3BC svchost.exe [1796.1620] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1796:2144] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1796.2144] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1796.2144] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1796.2144] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1796.2144] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1796.2144] ZwOpenKey SSDT 866CBAF5 svchost.exe [1796.2144] ZwOpenProcess SSDT 866CBB7D svchost.exe [1796.2144] ZwOpenThread SSDT 866CC432 svchost.exe [1796.2144] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1796.2144] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1796.2144] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1796.2144] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1796.2144] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1796.2144] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1796.2144] ZwSetContextThread SSDT 866CC0DB svchost.exe [1796.2144] ZwSetValueKey SSDT 866C9D8D svchost.exe [1796.2144] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1796.2144] ZwSuspendThread SSDT 866CBC62 svchost.exe [1796.2144] ZwTerminateThread SSDT 866CC3BC svchost.exe [1796.2144] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1796:2188] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1796.2188] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1796.2188] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1796.2188] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1796.2188] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1796.2188] ZwOpenKey SSDT 866CBAF5 svchost.exe [1796.2188] ZwOpenProcess SSDT 866CBB7D svchost.exe [1796.2188] ZwOpenThread SSDT 866CC432 svchost.exe [1796.2188] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1796.2188] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1796.2188] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1796.2188] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1796.2188] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1796.2188] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1796.2188] ZwSetContextThread SSDT 866CC0DB svchost.exe [1796.2188] ZwSetValueKey SSDT 866C9D8D svchost.exe [1796.2188] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1796.2188] ZwSuspendThread SSDT 866CBC62 svchost.exe [1796.2188] ZwTerminateThread SSDT 866CC3BC svchost.exe [1796.2188] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1796:2196] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1796.2196] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1796.2196] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1796.2196] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1796.2196] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1796.2196] ZwOpenKey SSDT 866CBAF5 svchost.exe [1796.2196] ZwOpenProcess SSDT 866CBB7D svchost.exe [1796.2196] ZwOpenThread SSDT 866CC432 svchost.exe [1796.2196] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1796.2196] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1796.2196] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1796.2196] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1796.2196] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1796.2196] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1796.2196] ZwSetContextThread SSDT 866CC0DB svchost.exe [1796.2196] ZwSetValueKey SSDT 866C9D8D svchost.exe [1796.2196] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1796.2196] ZwSuspendThread SSDT 866CBC62 svchost.exe [1796.2196] ZwTerminateThread SSDT 866CC3BC svchost.exe [1796.2196] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1796:2200] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1796.2200] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1796.2200] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1796.2200] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1796.2200] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1796.2200] ZwOpenKey SSDT 866CBAF5 svchost.exe [1796.2200] ZwOpenProcess SSDT 866CBB7D svchost.exe [1796.2200] ZwOpenThread SSDT 866CC432 svchost.exe [1796.2200] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1796.2200] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1796.2200] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1796.2200] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1796.2200] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1796.2200] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1796.2200] ZwSetContextThread SSDT 866CC0DB svchost.exe [1796.2200] ZwSetValueKey SSDT 866C9D8D svchost.exe [1796.2200] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1796.2200] ZwSuspendThread SSDT 866CBC62 svchost.exe [1796.2200] ZwTerminateThread SSDT 866CC3BC svchost.exe [1796.2200] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1796:2292] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1796.2292] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1796.2292] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1796.2292] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1796.2292] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1796.2292] ZwOpenKey SSDT 866CBAF5 svchost.exe [1796.2292] ZwOpenProcess SSDT 866CBB7D svchost.exe [1796.2292] ZwOpenThread SSDT 866CC432 svchost.exe [1796.2292] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1796.2292] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1796.2292] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1796.2292] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1796.2292] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1796.2292] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1796.2292] ZwSetContextThread SSDT 866CC0DB svchost.exe [1796.2292] ZwSetValueKey SSDT 866C9D8D svchost.exe [1796.2292] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1796.2292] ZwSuspendThread SSDT 866CBC62 svchost.exe [1796.2292] ZwTerminateThread SSDT 866CC3BC svchost.exe [1796.2292] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1796:2336] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1796.2336] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1796.2336] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1796.2336] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1796.2336] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1796.2336] ZwOpenKey SSDT 866CBAF5 svchost.exe [1796.2336] ZwOpenProcess SSDT 866CBB7D svchost.exe [1796.2336] ZwOpenThread SSDT 866CC432 svchost.exe [1796.2336] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1796.2336] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1796.2336] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1796.2336] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1796.2336] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1796.2336] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1796.2336] ZwSetContextThread SSDT 866CC0DB svchost.exe [1796.2336] ZwSetValueKey SSDT 866C9D8D svchost.exe [1796.2336] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1796.2336] ZwSuspendThread SSDT 866CBC62 svchost.exe [1796.2336] ZwTerminateThread SSDT 866CC3BC svchost.exe [1796.2336] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1796:492] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys svchost.exe [1796.492] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED svchost.exe [1796.492] ZwDeleteValueKey SSDT 866CBE85 svchost.exe [1796.492] ZwEnumerateKey SSDT 866CBF9E svchost.exe [1796.492] ZwEnumerateValueKey SSDT 866CBDBB svchost.exe [1796.492] ZwOpenKey SSDT 866CBAF5 svchost.exe [1796.492] ZwOpenProcess SSDT 866CBB7D svchost.exe [1796.492] ZwOpenThread SSDT 866CC432 svchost.exe [1796.492] ZwProtectVirtualMemory SSDT 866CC609 svchost.exe [1796.492] ZwQueryDirectoryFile SSDT sphj.sys svchost.exe [1796.492] ZwQueryKey [0xF740220A] SSDT 866CB9A2 svchost.exe [1796.492] ZwQuerySystemInformation SSDT sphj.sys svchost.exe [1796.492] ZwQueryValueKey [0xF740208A] SSDT 866CC346 svchost.exe [1796.492] ZwReadVirtualMemory SSDT 866CBD48 svchost.exe [1796.492] ZwSetContextThread SSDT 866CC0DB svchost.exe [1796.492] ZwSetValueKey SSDT 866C9D8D svchost.exe [1796.492] ZwShutdownSystem SSDT 866CBCD5 svchost.exe [1796.492] ZwSuspendThread SSDT 866CBC62 svchost.exe [1796.492] ZwTerminateThread SSDT 866CC3BC svchost.exe [1796.492] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread fwqs7w2n.exe [1836:7356] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys fwqs7w2n.exe [1836.7356] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED fwqs7w2n.exe [1836.7356] ZwDeleteValueKey SSDT 866CBE85 fwqs7w2n.exe [1836.7356] ZwEnumerateKey SSDT 866CBF9E fwqs7w2n.exe [1836.7356] ZwEnumerateValueKey SSDT 866CBDBB fwqs7w2n.exe [1836.7356] ZwOpenKey SSDT 866CBAF5 fwqs7w2n.exe [1836.7356] ZwOpenProcess SSDT 866CBB7D fwqs7w2n.exe [1836.7356] ZwOpenThread SSDT 866CC432 fwqs7w2n.exe [1836.7356] ZwProtectVirtualMemory SSDT 866CC609 fwqs7w2n.exe [1836.7356] ZwQueryDirectoryFile SSDT sphj.sys fwqs7w2n.exe [1836.7356] ZwQueryKey [0xF740220A] SSDT 866CB9A2 fwqs7w2n.exe [1836.7356] ZwQuerySystemInformation SSDT sphj.sys fwqs7w2n.exe [1836.7356] ZwQueryValueKey [0xF740208A] SSDT 866CC346 fwqs7w2n.exe [1836.7356] ZwReadVirtualMemory SSDT 866CBD48 fwqs7w2n.exe [1836.7356] ZwSetContextThread SSDT 866CC0DB fwqs7w2n.exe [1836.7356] ZwSetValueKey SSDT 866C9D8D fwqs7w2n.exe [1836.7356] ZwShutdownSystem SSDT 866CBCD5 fwqs7w2n.exe [1836.7356] ZwSuspendThread SSDT 866CBC62 fwqs7w2n.exe [1836.7356] ZwTerminateThread SSDT 866CC3BC fwqs7w2n.exe [1836.7356] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread spoolsv.exe [1988:1992] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys spoolsv.exe [1988.1992] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED spoolsv.exe [1988.1992] ZwDeleteValueKey SSDT 866CBE85 spoolsv.exe [1988.1992] ZwEnumerateKey SSDT 866CBF9E spoolsv.exe [1988.1992] ZwEnumerateValueKey SSDT 866CBDBB spoolsv.exe [1988.1992] ZwOpenKey SSDT 866CBAF5 spoolsv.exe [1988.1992] ZwOpenProcess SSDT 866CBB7D spoolsv.exe [1988.1992] ZwOpenThread SSDT 866CC432 spoolsv.exe [1988.1992] ZwProtectVirtualMemory SSDT 866CC609 spoolsv.exe [1988.1992] ZwQueryDirectoryFile SSDT sphj.sys spoolsv.exe [1988.1992] ZwQueryKey [0xF740220A] SSDT 866CB9A2 spoolsv.exe [1988.1992] ZwQuerySystemInformation SSDT sphj.sys spoolsv.exe [1988.1992] ZwQueryValueKey [0xF740208A] SSDT 866CC346 spoolsv.exe [1988.1992] ZwReadVirtualMemory SSDT 866CBD48 spoolsv.exe [1988.1992] ZwSetContextThread SSDT 866CC0DB spoolsv.exe [1988.1992] ZwSetValueKey SSDT 866C9D8D spoolsv.exe [1988.1992] ZwShutdownSystem SSDT 866CBCD5 spoolsv.exe [1988.1992] ZwSuspendThread SSDT 866CBC62 spoolsv.exe [1988.1992] ZwTerminateThread SSDT 866CC3BC spoolsv.exe [1988.1992] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread spoolsv.exe [1988:2008] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys spoolsv.exe [1988.2008] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED spoolsv.exe [1988.2008] ZwDeleteValueKey SSDT 866CBE85 spoolsv.exe [1988.2008] ZwEnumerateKey SSDT 866CBF9E spoolsv.exe [1988.2008] ZwEnumerateValueKey SSDT 866CBDBB spoolsv.exe [1988.2008] ZwOpenKey SSDT 866CBAF5 spoolsv.exe [1988.2008] ZwOpenProcess SSDT 866CBB7D spoolsv.exe [1988.2008] ZwOpenThread SSDT 866CC432 spoolsv.exe [1988.2008] ZwProtectVirtualMemory SSDT 866CC609 spoolsv.exe [1988.2008] ZwQueryDirectoryFile SSDT sphj.sys spoolsv.exe [1988.2008] ZwQueryKey [0xF740220A] SSDT 866CB9A2 spoolsv.exe [1988.2008] ZwQuerySystemInformation SSDT sphj.sys spoolsv.exe [1988.2008] ZwQueryValueKey [0xF740208A] SSDT 866CC346 spoolsv.exe [1988.2008] ZwReadVirtualMemory SSDT 866CBD48 spoolsv.exe [1988.2008] ZwSetContextThread SSDT 866CC0DB spoolsv.exe [1988.2008] ZwSetValueKey SSDT 866C9D8D spoolsv.exe [1988.2008] ZwShutdownSystem SSDT 866CBCD5 spoolsv.exe [1988.2008] ZwSuspendThread SSDT 866CBC62 spoolsv.exe [1988.2008] ZwTerminateThread SSDT 866CC3BC spoolsv.exe [1988.2008] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread spoolsv.exe [1988:2012] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys spoolsv.exe [1988.2012] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED spoolsv.exe [1988.2012] ZwDeleteValueKey SSDT 866CBE85 spoolsv.exe [1988.2012] ZwEnumerateKey SSDT 866CBF9E spoolsv.exe [1988.2012] ZwEnumerateValueKey SSDT 866CBDBB spoolsv.exe [1988.2012] ZwOpenKey SSDT 866CBAF5 spoolsv.exe [1988.2012] ZwOpenProcess SSDT 866CBB7D spoolsv.exe [1988.2012] ZwOpenThread SSDT 866CC432 spoolsv.exe [1988.2012] ZwProtectVirtualMemory SSDT 866CC609 spoolsv.exe [1988.2012] ZwQueryDirectoryFile SSDT sphj.sys spoolsv.exe [1988.2012] ZwQueryKey [0xF740220A] SSDT 866CB9A2 spoolsv.exe [1988.2012] ZwQuerySystemInformation SSDT sphj.sys spoolsv.exe [1988.2012] ZwQueryValueKey [0xF740208A] SSDT 866CC346 spoolsv.exe [1988.2012] ZwReadVirtualMemory SSDT 866CBD48 spoolsv.exe [1988.2012] ZwSetContextThread SSDT 866CC0DB spoolsv.exe [1988.2012] ZwSetValueKey SSDT 866C9D8D spoolsv.exe [1988.2012] ZwShutdownSystem SSDT 866CBCD5 spoolsv.exe [1988.2012] ZwSuspendThread SSDT 866CBC62 spoolsv.exe [1988.2012] ZwTerminateThread SSDT 866CC3BC spoolsv.exe [1988.2012] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread spoolsv.exe [1988:2024] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys spoolsv.exe [1988.2024] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED spoolsv.exe [1988.2024] ZwDeleteValueKey SSDT 866CBE85 spoolsv.exe [1988.2024] ZwEnumerateKey SSDT 866CBF9E spoolsv.exe [1988.2024] ZwEnumerateValueKey SSDT 866CBDBB spoolsv.exe [1988.2024] ZwOpenKey SSDT 866CBAF5 spoolsv.exe [1988.2024] ZwOpenProcess SSDT 866CBB7D spoolsv.exe [1988.2024] ZwOpenThread SSDT 866CC432 spoolsv.exe [1988.2024] ZwProtectVirtualMemory SSDT 866CC609 spoolsv.exe [1988.2024] ZwQueryDirectoryFile SSDT sphj.sys spoolsv.exe [1988.2024] ZwQueryKey [0xF740220A] SSDT 866CB9A2 spoolsv.exe [1988.2024] ZwQuerySystemInformation SSDT sphj.sys spoolsv.exe [1988.2024] ZwQueryValueKey [0xF740208A] SSDT 866CC346 spoolsv.exe [1988.2024] ZwReadVirtualMemory SSDT 866CBD48 spoolsv.exe [1988.2024] ZwSetContextThread SSDT 866CC0DB spoolsv.exe [1988.2024] ZwSetValueKey SSDT 866C9D8D spoolsv.exe [1988.2024] ZwShutdownSystem SSDT 866CBCD5 spoolsv.exe [1988.2024] ZwSuspendThread SSDT 866CBC62 spoolsv.exe [1988.2024] ZwTerminateThread SSDT 866CC3BC spoolsv.exe [1988.2024] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread spoolsv.exe [1988:516] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys spoolsv.exe [1988.516] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED spoolsv.exe [1988.516] ZwDeleteValueKey SSDT 866CBE85 spoolsv.exe [1988.516] ZwEnumerateKey SSDT 866CBF9E spoolsv.exe [1988.516] ZwEnumerateValueKey SSDT 866CBDBB spoolsv.exe [1988.516] ZwOpenKey SSDT 866CBAF5 spoolsv.exe [1988.516] ZwOpenProcess SSDT 866CBB7D spoolsv.exe [1988.516] ZwOpenThread SSDT 866CC432 spoolsv.exe [1988.516] ZwProtectVirtualMemory SSDT 866CC609 spoolsv.exe [1988.516] ZwQueryDirectoryFile SSDT sphj.sys spoolsv.exe [1988.516] ZwQueryKey [0xF740220A] SSDT 866CB9A2 spoolsv.exe [1988.516] ZwQuerySystemInformation SSDT sphj.sys spoolsv.exe [1988.516] ZwQueryValueKey [0xF740208A] SSDT 866CC346 spoolsv.exe [1988.516] ZwReadVirtualMemory SSDT 866CBD48 spoolsv.exe [1988.516] ZwSetContextThread SSDT 866CC0DB spoolsv.exe [1988.516] ZwSetValueKey SSDT 866C9D8D spoolsv.exe [1988.516] ZwShutdownSystem SSDT 866CBCD5 spoolsv.exe [1988.516] ZwSuspendThread SSDT 866CBC62 spoolsv.exe [1988.516] ZwTerminateThread SSDT 866CC3BC spoolsv.exe [1988.516] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread spoolsv.exe [1988:320] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys spoolsv.exe [1988.320] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED spoolsv.exe [1988.320] ZwDeleteValueKey SSDT 866CBE85 spoolsv.exe [1988.320] ZwEnumerateKey SSDT 866CBF9E spoolsv.exe [1988.320] ZwEnumerateValueKey SSDT 866CBDBB spoolsv.exe [1988.320] ZwOpenKey SSDT 866CBAF5 spoolsv.exe [1988.320] ZwOpenProcess SSDT 866CBB7D spoolsv.exe [1988.320] ZwOpenThread SSDT 866CC432 spoolsv.exe [1988.320] ZwProtectVirtualMemory SSDT 866CC609 spoolsv.exe [1988.320] ZwQueryDirectoryFile SSDT sphj.sys spoolsv.exe [1988.320] ZwQueryKey [0xF740220A] SSDT 866CB9A2 spoolsv.exe [1988.320] ZwQuerySystemInformation SSDT sphj.sys spoolsv.exe [1988.320] ZwQueryValueKey [0xF740208A] SSDT 866CC346 spoolsv.exe [1988.320] ZwReadVirtualMemory SSDT 866CBD48 spoolsv.exe [1988.320] ZwSetContextThread SSDT 866CC0DB spoolsv.exe [1988.320] ZwSetValueKey SSDT 866C9D8D spoolsv.exe [1988.320] ZwShutdownSystem SSDT 866CBCD5 spoolsv.exe [1988.320] ZwSuspendThread SSDT 866CBC62 spoolsv.exe [1988.320] ZwTerminateThread SSDT 866CC3BC spoolsv.exe [1988.320] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread spoolsv.exe [1988:604] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys spoolsv.exe [1988.604] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED spoolsv.exe [1988.604] ZwDeleteValueKey SSDT 866CBE85 spoolsv.exe [1988.604] ZwEnumerateKey SSDT 866CBF9E spoolsv.exe [1988.604] ZwEnumerateValueKey SSDT 866CBDBB spoolsv.exe [1988.604] ZwOpenKey SSDT 866CBAF5 spoolsv.exe [1988.604] ZwOpenProcess SSDT 866CBB7D spoolsv.exe [1988.604] ZwOpenThread SSDT 866CC432 spoolsv.exe [1988.604] ZwProtectVirtualMemory SSDT 866CC609 spoolsv.exe [1988.604] ZwQueryDirectoryFile SSDT sphj.sys spoolsv.exe [1988.604] ZwQueryKey [0xF740220A] SSDT 866CB9A2 spoolsv.exe [1988.604] ZwQuerySystemInformation SSDT sphj.sys spoolsv.exe [1988.604] ZwQueryValueKey [0xF740208A] SSDT 866CC346 spoolsv.exe [1988.604] ZwReadVirtualMemory SSDT 866CBD48 spoolsv.exe [1988.604] ZwSetContextThread SSDT 866CC0DB spoolsv.exe [1988.604] ZwSetValueKey SSDT 866C9D8D spoolsv.exe [1988.604] ZwShutdownSystem SSDT 866CBCD5 spoolsv.exe [1988.604] ZwSuspendThread SSDT 866CBC62 spoolsv.exe [1988.604] ZwTerminateThread SSDT 866CC3BC spoolsv.exe [1988.604] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread spoolsv.exe [1988:600] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys spoolsv.exe [1988.600] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED spoolsv.exe [1988.600] ZwDeleteValueKey SSDT 866CBE85 spoolsv.exe [1988.600] ZwEnumerateKey SSDT 866CBF9E spoolsv.exe [1988.600] ZwEnumerateValueKey SSDT 866CBDBB spoolsv.exe [1988.600] ZwOpenKey SSDT 866CBAF5 spoolsv.exe [1988.600] ZwOpenProcess SSDT 866CBB7D spoolsv.exe [1988.600] ZwOpenThread SSDT 866CC432 spoolsv.exe [1988.600] ZwProtectVirtualMemory SSDT 866CC609 spoolsv.exe [1988.600] ZwQueryDirectoryFile SSDT sphj.sys spoolsv.exe [1988.600] ZwQueryKey [0xF740220A] SSDT 866CB9A2 spoolsv.exe [1988.600] ZwQuerySystemInformation SSDT sphj.sys spoolsv.exe [1988.600] ZwQueryValueKey [0xF740208A] SSDT 866CC346 spoolsv.exe [1988.600] ZwReadVirtualMemory SSDT 866CBD48 spoolsv.exe [1988.600] ZwSetContextThread SSDT 866CC0DB spoolsv.exe [1988.600] ZwSetValueKey SSDT 866C9D8D spoolsv.exe [1988.600] ZwShutdownSystem SSDT 866CBCD5 spoolsv.exe [1988.600] ZwSuspendThread SSDT 866CBC62 spoolsv.exe [1988.600] ZwTerminateThread SSDT 866CC3BC spoolsv.exe [1988.600] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread spoolsv.exe [1988:396] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys spoolsv.exe [1988.396] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED spoolsv.exe [1988.396] ZwDeleteValueKey SSDT 866CBE85 spoolsv.exe [1988.396] ZwEnumerateKey SSDT 866CBF9E spoolsv.exe [1988.396] ZwEnumerateValueKey SSDT 866CBDBB spoolsv.exe [1988.396] ZwOpenKey SSDT 866CBAF5 spoolsv.exe [1988.396] ZwOpenProcess SSDT 866CBB7D spoolsv.exe [1988.396] ZwOpenThread SSDT 866CC432 spoolsv.exe [1988.396] ZwProtectVirtualMemory SSDT 866CC609 spoolsv.exe [1988.396] ZwQueryDirectoryFile SSDT sphj.sys spoolsv.exe [1988.396] ZwQueryKey [0xF740220A] SSDT 866CB9A2 spoolsv.exe [1988.396] ZwQuerySystemInformation SSDT sphj.sys spoolsv.exe [1988.396] ZwQueryValueKey [0xF740208A] SSDT 866CC346 spoolsv.exe [1988.396] ZwReadVirtualMemory SSDT 866CBD48 spoolsv.exe [1988.396] ZwSetContextThread SSDT 866CC0DB spoolsv.exe [1988.396] ZwSetValueKey SSDT 866C9D8D spoolsv.exe [1988.396] ZwShutdownSystem SSDT 866CBCD5 spoolsv.exe [1988.396] ZwSuspendThread SSDT 866CBC62 spoolsv.exe [1988.396] ZwTerminateThread SSDT 866CC3BC spoolsv.exe [1988.396] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread spoolsv.exe [1988:5268] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys spoolsv.exe [1988.5268] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED spoolsv.exe [1988.5268] ZwDeleteValueKey SSDT 866CBE85 spoolsv.exe [1988.5268] ZwEnumerateKey SSDT 866CBF9E spoolsv.exe [1988.5268] ZwEnumerateValueKey SSDT 866CBDBB spoolsv.exe [1988.5268] ZwOpenKey SSDT 866CBAF5 spoolsv.exe [1988.5268] ZwOpenProcess SSDT 866CBB7D spoolsv.exe [1988.5268] ZwOpenThread SSDT 866CC432 spoolsv.exe [1988.5268] ZwProtectVirtualMemory SSDT 866CC609 spoolsv.exe [1988.5268] ZwQueryDirectoryFile SSDT sphj.sys spoolsv.exe [1988.5268] ZwQueryKey [0xF740220A] SSDT 866CB9A2 spoolsv.exe [1988.5268] ZwQuerySystemInformation SSDT sphj.sys spoolsv.exe [1988.5268] ZwQueryValueKey [0xF740208A] SSDT 866CC346 spoolsv.exe [1988.5268] ZwReadVirtualMemory SSDT 866CBD48 spoolsv.exe [1988.5268] ZwSetContextThread SSDT 866CC0DB spoolsv.exe [1988.5268] ZwSetValueKey SSDT 866C9D8D spoolsv.exe [1988.5268] ZwShutdownSystem SSDT 866CBCD5 spoolsv.exe [1988.5268] ZwSuspendThread SSDT 866CBC62 spoolsv.exe [1988.5268] ZwTerminateThread SSDT 866CC3BC spoolsv.exe [1988.5268] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread alg.exe [2348:2352] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys alg.exe [2348.2352] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED alg.exe [2348.2352] ZwDeleteValueKey SSDT 866CBE85 alg.exe [2348.2352] ZwEnumerateKey SSDT 866CBF9E alg.exe [2348.2352] ZwEnumerateValueKey SSDT 866CBDBB alg.exe [2348.2352] ZwOpenKey SSDT 866CBAF5 alg.exe [2348.2352] ZwOpenProcess SSDT 866CBB7D alg.exe [2348.2352] ZwOpenThread SSDT 866CC432 alg.exe [2348.2352] ZwProtectVirtualMemory SSDT 866CC609 alg.exe [2348.2352] ZwQueryDirectoryFile SSDT sphj.sys alg.exe [2348.2352] ZwQueryKey [0xF740220A] SSDT 866CB9A2 alg.exe [2348.2352] ZwQuerySystemInformation SSDT sphj.sys alg.exe [2348.2352] ZwQueryValueKey [0xF740208A] SSDT 866CC346 alg.exe [2348.2352] ZwReadVirtualMemory SSDT 866CBD48 alg.exe [2348.2352] ZwSetContextThread SSDT 866CC0DB alg.exe [2348.2352] ZwSetValueKey SSDT 866C9D8D alg.exe [2348.2352] ZwShutdownSystem SSDT 866CBCD5 alg.exe [2348.2352] ZwSuspendThread SSDT 866CBC62 alg.exe [2348.2352] ZwTerminateThread SSDT 866CC3BC alg.exe [2348.2352] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread alg.exe [2348:2384] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys alg.exe [2348.2384] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED alg.exe [2348.2384] ZwDeleteValueKey SSDT 866CBE85 alg.exe [2348.2384] ZwEnumerateKey SSDT 866CBF9E alg.exe [2348.2384] ZwEnumerateValueKey SSDT 866CBDBB alg.exe [2348.2384] ZwOpenKey SSDT 866CBAF5 alg.exe [2348.2384] ZwOpenProcess SSDT 866CBB7D alg.exe [2348.2384] ZwOpenThread SSDT 866CC432 alg.exe [2348.2384] ZwProtectVirtualMemory SSDT 866CC609 alg.exe [2348.2384] ZwQueryDirectoryFile SSDT sphj.sys alg.exe [2348.2384] ZwQueryKey [0xF740220A] SSDT 866CB9A2 alg.exe [2348.2384] ZwQuerySystemInformation SSDT sphj.sys alg.exe [2348.2384] ZwQueryValueKey [0xF740208A] SSDT 866CC346 alg.exe [2348.2384] ZwReadVirtualMemory SSDT 866CBD48 alg.exe [2348.2384] ZwSetContextThread SSDT 866CC0DB alg.exe [2348.2384] ZwSetValueKey SSDT 866C9D8D alg.exe [2348.2384] ZwShutdownSystem SSDT 866CBCD5 alg.exe [2348.2384] ZwSuspendThread SSDT 866CBC62 alg.exe [2348.2384] ZwTerminateThread SSDT 866CC3BC alg.exe [2348.2384] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread alg.exe [2348:2388] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys alg.exe [2348.2388] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED alg.exe [2348.2388] ZwDeleteValueKey SSDT 866CBE85 alg.exe [2348.2388] ZwEnumerateKey SSDT 866CBF9E alg.exe [2348.2388] ZwEnumerateValueKey SSDT 866CBDBB alg.exe [2348.2388] ZwOpenKey SSDT 866CBAF5 alg.exe [2348.2388] ZwOpenProcess SSDT 866CBB7D alg.exe [2348.2388] ZwOpenThread SSDT 866CC432 alg.exe [2348.2388] ZwProtectVirtualMemory SSDT 866CC609 alg.exe [2348.2388] ZwQueryDirectoryFile SSDT sphj.sys alg.exe [2348.2388] ZwQueryKey [0xF740220A] SSDT 866CB9A2 alg.exe [2348.2388] ZwQuerySystemInformation SSDT sphj.sys alg.exe [2348.2388] ZwQueryValueKey [0xF740208A] SSDT 866CC346 alg.exe [2348.2388] ZwReadVirtualMemory SSDT 866CBD48 alg.exe [2348.2388] ZwSetContextThread SSDT 866CC0DB alg.exe [2348.2388] ZwSetValueKey SSDT 866C9D8D alg.exe [2348.2388] ZwShutdownSystem SSDT 866CBCD5 alg.exe [2348.2388] ZwSuspendThread SSDT 866CBC62 alg.exe [2348.2388] ZwTerminateThread SSDT 866CC3BC alg.exe [2348.2388] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread alg.exe [2348:2396] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys alg.exe [2348.2396] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED alg.exe [2348.2396] ZwDeleteValueKey SSDT 866CBE85 alg.exe [2348.2396] ZwEnumerateKey SSDT 866CBF9E alg.exe [2348.2396] ZwEnumerateValueKey SSDT 866CBDBB alg.exe [2348.2396] ZwOpenKey SSDT 866CBAF5 alg.exe [2348.2396] ZwOpenProcess SSDT 866CBB7D alg.exe [2348.2396] ZwOpenThread SSDT 866CC432 alg.exe [2348.2396] ZwProtectVirtualMemory SSDT 866CC609 alg.exe [2348.2396] ZwQueryDirectoryFile SSDT sphj.sys alg.exe [2348.2396] ZwQueryKey [0xF740220A] SSDT 866CB9A2 alg.exe [2348.2396] ZwQuerySystemInformation SSDT sphj.sys alg.exe [2348.2396] ZwQueryValueKey [0xF740208A] SSDT 866CC346 alg.exe [2348.2396] ZwReadVirtualMemory SSDT 866CBD48 alg.exe [2348.2396] ZwSetContextThread SSDT 866CC0DB alg.exe [2348.2396] ZwSetValueKey SSDT 866C9D8D alg.exe [2348.2396] ZwShutdownSystem SSDT 866CBCD5 alg.exe [2348.2396] ZwSuspendThread SSDT 866CBC62 alg.exe [2348.2396] ZwTerminateThread SSDT 866CC3BC alg.exe [2348.2396] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread alg.exe [2348:2412] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys alg.exe [2348.2412] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED alg.exe [2348.2412] ZwDeleteValueKey SSDT 866CBE85 alg.exe [2348.2412] ZwEnumerateKey SSDT 866CBF9E alg.exe [2348.2412] ZwEnumerateValueKey SSDT 866CBDBB alg.exe [2348.2412] ZwOpenKey SSDT 866CBAF5 alg.exe [2348.2412] ZwOpenProcess SSDT 866CBB7D alg.exe [2348.2412] ZwOpenThread SSDT 866CC432 alg.exe [2348.2412] ZwProtectVirtualMemory SSDT 866CC609 alg.exe [2348.2412] ZwQueryDirectoryFile SSDT sphj.sys alg.exe [2348.2412] ZwQueryKey [0xF740220A] SSDT 866CB9A2 alg.exe [2348.2412] ZwQuerySystemInformation SSDT sphj.sys alg.exe [2348.2412] ZwQueryValueKey [0xF740208A] SSDT 866CC346 alg.exe [2348.2412] ZwReadVirtualMemory SSDT 866CBD48 alg.exe [2348.2412] ZwSetContextThread SSDT 866CC0DB alg.exe [2348.2412] ZwSetValueKey SSDT 866C9D8D alg.exe [2348.2412] ZwShutdownSystem SSDT 866CBCD5 alg.exe [2348.2412] ZwSuspendThread SSDT 866CBC62 alg.exe [2348.2412] ZwTerminateThread SSDT 866CC3BC alg.exe [2348.2412] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread alg.exe [2348:2428] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys alg.exe [2348.2428] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED alg.exe [2348.2428] ZwDeleteValueKey SSDT 866CBE85 alg.exe [2348.2428] ZwEnumerateKey SSDT 866CBF9E alg.exe [2348.2428] ZwEnumerateValueKey SSDT 866CBDBB alg.exe [2348.2428] ZwOpenKey SSDT 866CBAF5 alg.exe [2348.2428] ZwOpenProcess SSDT 866CBB7D alg.exe [2348.2428] ZwOpenThread SSDT 866CC432 alg.exe [2348.2428] ZwProtectVirtualMemory SSDT 866CC609 alg.exe [2348.2428] ZwQueryDirectoryFile SSDT sphj.sys alg.exe [2348.2428] ZwQueryKey [0xF740220A] SSDT 866CB9A2 alg.exe [2348.2428] ZwQuerySystemInformation SSDT sphj.sys alg.exe [2348.2428] ZwQueryValueKey [0xF740208A] SSDT 866CC346 alg.exe [2348.2428] ZwReadVirtualMemory SSDT 866CBD48 alg.exe [2348.2428] ZwSetContextThread SSDT 866CC0DB alg.exe [2348.2428] ZwSetValueKey SSDT 866C9D8D alg.exe [2348.2428] ZwShutdownSystem SSDT 866CBCD5 alg.exe [2348.2428] ZwSuspendThread SSDT 866CBC62 alg.exe [2348.2428] ZwTerminateThread SSDT 866CC3BC alg.exe [2348.2428] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread wscntfy.exe [2600:2608] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys wscntfy.exe [2600.2608] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED wscntfy.exe [2600.2608] ZwDeleteValueKey SSDT 866CBE85 wscntfy.exe [2600.2608] ZwEnumerateKey SSDT 866CBF9E wscntfy.exe [2600.2608] ZwEnumerateValueKey SSDT 866CBDBB wscntfy.exe [2600.2608] ZwOpenKey SSDT 866CBAF5 wscntfy.exe [2600.2608] ZwOpenProcess SSDT 866CBB7D wscntfy.exe [2600.2608] ZwOpenThread SSDT 866CC432 wscntfy.exe [2600.2608] ZwProtectVirtualMemory SSDT 866CC609 wscntfy.exe [2600.2608] ZwQueryDirectoryFile SSDT sphj.sys wscntfy.exe [2600.2608] ZwQueryKey [0xF740220A] SSDT 866CB9A2 wscntfy.exe [2600.2608] ZwQuerySystemInformation SSDT sphj.sys wscntfy.exe [2600.2608] ZwQueryValueKey [0xF740208A] SSDT 866CC346 wscntfy.exe [2600.2608] ZwReadVirtualMemory SSDT 866CBD48 wscntfy.exe [2600.2608] ZwSetContextThread SSDT 866CC0DB wscntfy.exe [2600.2608] ZwSetValueKey SSDT 866C9D8D wscntfy.exe [2600.2608] ZwShutdownSystem SSDT 866CBCD5 wscntfy.exe [2600.2608] ZwSuspendThread SSDT 866CBC62 wscntfy.exe [2600.2608] ZwTerminateThread SSDT 866CC3BC wscntfy.exe [2600.2608] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:2804] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.2804] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.2804] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.2804] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.2804] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.2804] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.2804] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.2804] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.2804] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.2804] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.2804] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.2804] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.2804] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.2804] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.2804] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.2804] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.2804] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.2804] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.2804] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.2804] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:2828] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.2828] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.2828] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.2828] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.2828] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.2828] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.2828] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.2828] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.2828] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.2828] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.2828] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.2828] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.2828] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.2828] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.2828] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.2828] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.2828] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.2828] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.2828] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.2828] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:2832] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.2832] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.2832] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.2832] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.2832] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.2832] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.2832] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.2832] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.2832] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.2832] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.2832] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.2832] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.2832] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.2832] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.2832] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.2832] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.2832] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.2832] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.2832] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.2832] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:2840] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.2840] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.2840] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.2840] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.2840] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.2840] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.2840] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.2840] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.2840] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.2840] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.2840] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.2840] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.2840] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.2840] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.2840] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.2840] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.2840] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.2840] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.2840] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.2840] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:6052] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.6052] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.6052] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.6052] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.6052] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.6052] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.6052] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.6052] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.6052] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.6052] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.6052] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.6052] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.6052] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.6052] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.6052] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.6052] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.6052] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.6052] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.6052] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.6052] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:7180] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.7180] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.7180] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.7180] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.7180] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.7180] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.7180] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.7180] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.7180] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.7180] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.7180] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.7180] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.7180] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.7180] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.7180] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.7180] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.7180] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.7180] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.7180] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.7180] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:8084] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.8084] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.8084] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.8084] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.8084] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.8084] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.8084] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.8084] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.8084] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.8084] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.8084] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.8084] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.8084] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.8084] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.8084] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.8084] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.8084] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.8084] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.8084] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.8084] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:1308] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.1308] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.1308] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.1308] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.1308] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.1308] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.1308] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.1308] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.1308] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.1308] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.1308] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.1308] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.1308] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.1308] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.1308] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.1308] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.1308] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.1308] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.1308] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.1308] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:3568] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.3568] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.3568] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.3568] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.3568] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.3568] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.3568] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.3568] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.3568] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.3568] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.3568] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.3568] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.3568] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.3568] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.3568] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.3568] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.3568] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.3568] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.3568] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.3568] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:3812] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.3812] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.3812] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.3812] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.3812] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.3812] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.3812] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.3812] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.3812] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.3812] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.3812] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.3812] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.3812] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.3812] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.3812] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.3812] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.3812] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.3812] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.3812] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.3812] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:5344] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.5344] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.5344] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.5344] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.5344] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.5344] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.5344] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.5344] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.5344] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.5344] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.5344] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.5344] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.5344] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.5344] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.5344] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.5344] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.5344] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.5344] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.5344] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.5344] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:8052] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.8052] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.8052] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.8052] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.8052] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.8052] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.8052] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.8052] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.8052] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.8052] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.8052] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.8052] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.8052] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.8052] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.8052] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.8052] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.8052] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.8052] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.8052] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.8052] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:3496] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.3496] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.3496] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.3496] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.3496] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.3496] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.3496] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.3496] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.3496] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.3496] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.3496] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.3496] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.3496] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.3496] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.3496] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.3496] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.3496] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.3496] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.3496] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.3496] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:3184] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.3184] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.3184] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.3184] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.3184] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.3184] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.3184] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.3184] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.3184] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.3184] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.3184] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.3184] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.3184] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.3184] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.3184] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.3184] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.3184] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.3184] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.3184] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.3184] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:4348] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.4348] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.4348] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.4348] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.4348] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.4348] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.4348] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.4348] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.4348] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.4348] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.4348] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.4348] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.4348] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.4348] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.4348] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.4348] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.4348] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.4348] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.4348] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.4348] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:2544] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.2544] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.2544] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.2544] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.2544] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.2544] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.2544] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.2544] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.2544] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.2544] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.2544] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.2544] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.2544] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.2544] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.2544] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.2544] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.2544] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.2544] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.2544] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.2544] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:6256] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.6256] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.6256] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.6256] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.6256] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.6256] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.6256] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.6256] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.6256] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.6256] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.6256] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.6256] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.6256] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.6256] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.6256] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.6256] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.6256] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.6256] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.6256] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.6256] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:5404] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.5404] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.5404] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.5404] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.5404] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.5404] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.5404] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.5404] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.5404] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.5404] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.5404] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.5404] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.5404] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.5404] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.5404] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.5404] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.5404] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.5404] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.5404] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.5404] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:3972] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.3972] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.3972] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.3972] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.3972] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.3972] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.3972] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.3972] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.3972] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.3972] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.3972] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.3972] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.3972] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.3972] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.3972] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.3972] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.3972] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.3972] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.3972] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.3972] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:1056] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.1056] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.1056] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.1056] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.1056] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.1056] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.1056] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.1056] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.1056] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.1056] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.1056] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.1056] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.1056] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.1056] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.1056] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.1056] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.1056] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.1056] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.1056] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.1056] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread muip3E4B3D8E.tmp [2800:6760] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys muip3E4B3D8E.tmp [2800.6760] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED muip3E4B3D8E.tmp [2800.6760] ZwDeleteValueKey SSDT 866CBE85 muip3E4B3D8E.tmp [2800.6760] ZwEnumerateKey SSDT 866CBF9E muip3E4B3D8E.tmp [2800.6760] ZwEnumerateValueKey SSDT 866CBDBB muip3E4B3D8E.tmp [2800.6760] ZwOpenKey SSDT 866CBAF5 muip3E4B3D8E.tmp [2800.6760] ZwOpenProcess SSDT 866CBB7D muip3E4B3D8E.tmp [2800.6760] ZwOpenThread SSDT 866CC432 muip3E4B3D8E.tmp [2800.6760] ZwProtectVirtualMemory SSDT 866CC609 muip3E4B3D8E.tmp [2800.6760] ZwQueryDirectoryFile SSDT sphj.sys muip3E4B3D8E.tmp [2800.6760] ZwQueryKey [0xF740220A] SSDT 866CB9A2 muip3E4B3D8E.tmp [2800.6760] ZwQuerySystemInformation SSDT sphj.sys muip3E4B3D8E.tmp [2800.6760] ZwQueryValueKey [0xF740208A] SSDT 866CC346 muip3E4B3D8E.tmp [2800.6760] ZwReadVirtualMemory SSDT 866CBD48 muip3E4B3D8E.tmp [2800.6760] ZwSetContextThread SSDT 866CC0DB muip3E4B3D8E.tmp [2800.6760] ZwSetValueKey SSDT 866C9D8D muip3E4B3D8E.tmp [2800.6760] ZwShutdownSystem SSDT 866CBCD5 muip3E4B3D8E.tmp [2800.6760] ZwSuspendThread SSDT 866CBC62 muip3E4B3D8E.tmp [2800.6760] ZwTerminateThread SSDT 866CC3BC muip3E4B3D8E.tmp [2800.6760] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread eqzbee3CA59BB5.tmp [2936:2940] SSDT 0x8649C6F0 != 0x80501BBC SSDT sphj.sys eqzbee3CA59BB5.tmp [2936.2940] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED eqzbee3CA59BB5.tmp [2936.2940] ZwDeleteValueKey SSDT 866CBE85 eqzbee3CA59BB5.tmp [2936.2940] ZwEnumerateKey SSDT 866CBF9E eqzbee3CA59BB5.tmp [2936.2940] ZwEnumerateValueKey SSDT 866CBDBB eqzbee3CA59BB5.tmp [2936.2940] ZwOpenKey SSDT 866CBAF5 eqzbee3CA59BB5.tmp [2936.2940] ZwOpenProcess SSDT 866CBB7D eqzbee3CA59BB5.tmp [2936.2940] ZwOpenThread SSDT 866CC432 eqzbee3CA59BB5.tmp [2936.2940] ZwProtectVirtualMemory SSDT 866CC609 eqzbee3CA59BB5.tmp [2936.2940] ZwQueryDirectoryFile SSDT sphj.sys eqzbee3CA59BB5.tmp [2936.2940] ZwQueryKey [0xF740220A] SSDT 866CB9A2 eqzbee3CA59BB5.tmp [2936.2940] ZwQuerySystemInformation SSDT sphj.sys eqzbee3CA59BB5.tmp [2936.2940] ZwQueryValueKey [0xF740208A] SSDT 866CC346 eqzbee3CA59BB5.tmp [2936.2940] ZwReadVirtualMemory SSDT 866CBD48 eqzbee3CA59BB5.tmp [2936.2940] ZwSetContextThread SSDT 866CC0DB eqzbee3CA59BB5.tmp [2936.2940] ZwSetValueKey SSDT 866C9D8D eqzbee3CA59BB5.tmp [2936.2940] ZwShutdownSystem SSDT 866CBCD5 eqzbee3CA59BB5.tmp [2936.2940] ZwSuspendThread SSDT 866CBC62 eqzbee3CA59BB5.tmp [2936.2940] ZwTerminateThread SSDT 866CC3BC eqzbee3CA59BB5.tmp [2936.2940] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread eqzbee3CA59BB5.tmp [2936:2944] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys eqzbee3CA59BB5.tmp [2936.2944] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED eqzbee3CA59BB5.tmp [2936.2944] ZwDeleteValueKey SSDT 866CBE85 eqzbee3CA59BB5.tmp [2936.2944] ZwEnumerateKey SSDT 866CBF9E eqzbee3CA59BB5.tmp [2936.2944] ZwEnumerateValueKey SSDT 866CBDBB eqzbee3CA59BB5.tmp [2936.2944] ZwOpenKey SSDT 866CBAF5 eqzbee3CA59BB5.tmp [2936.2944] ZwOpenProcess SSDT 866CBB7D eqzbee3CA59BB5.tmp [2936.2944] ZwOpenThread SSDT 866CC432 eqzbee3CA59BB5.tmp [2936.2944] ZwProtectVirtualMemory SSDT 866CC609 eqzbee3CA59BB5.tmp [2936.2944] ZwQueryDirectoryFile SSDT sphj.sys eqzbee3CA59BB5.tmp [2936.2944] ZwQueryKey [0xF740220A] SSDT 866CB9A2 eqzbee3CA59BB5.tmp [2936.2944] ZwQuerySystemInformation SSDT sphj.sys eqzbee3CA59BB5.tmp [2936.2944] ZwQueryValueKey [0xF740208A] SSDT 866CC346 eqzbee3CA59BB5.tmp [2936.2944] ZwReadVirtualMemory SSDT 866CBD48 eqzbee3CA59BB5.tmp [2936.2944] ZwSetContextThread SSDT 866CC0DB eqzbee3CA59BB5.tmp [2936.2944] ZwSetValueKey SSDT 866C9D8D eqzbee3CA59BB5.tmp [2936.2944] ZwShutdownSystem SSDT 866CBCD5 eqzbee3CA59BB5.tmp [2936.2944] ZwSuspendThread SSDT 866CBC62 eqzbee3CA59BB5.tmp [2936.2944] ZwTerminateThread SSDT 866CC3BC eqzbee3CA59BB5.tmp [2936.2944] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread eqzbee3CA59BB5.tmp [2936:2948] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys eqzbee3CA59BB5.tmp [2936.2948] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED eqzbee3CA59BB5.tmp [2936.2948] ZwDeleteValueKey SSDT 866CBE85 eqzbee3CA59BB5.tmp [2936.2948] ZwEnumerateKey SSDT 866CBF9E eqzbee3CA59BB5.tmp [2936.2948] ZwEnumerateValueKey SSDT 866CBDBB eqzbee3CA59BB5.tmp [2936.2948] ZwOpenKey SSDT 866CBAF5 eqzbee3CA59BB5.tmp [2936.2948] ZwOpenProcess SSDT 866CBB7D eqzbee3CA59BB5.tmp [2936.2948] ZwOpenThread SSDT 866CC432 eqzbee3CA59BB5.tmp [2936.2948] ZwProtectVirtualMemory SSDT 866CC609 eqzbee3CA59BB5.tmp [2936.2948] ZwQueryDirectoryFile SSDT sphj.sys eqzbee3CA59BB5.tmp [2936.2948] ZwQueryKey [0xF740220A] SSDT 866CB9A2 eqzbee3CA59BB5.tmp [2936.2948] ZwQuerySystemInformation SSDT sphj.sys eqzbee3CA59BB5.tmp [2936.2948] ZwQueryValueKey [0xF740208A] SSDT 866CC346 eqzbee3CA59BB5.tmp [2936.2948] ZwReadVirtualMemory SSDT 866CBD48 eqzbee3CA59BB5.tmp [2936.2948] ZwSetContextThread SSDT 866CC0DB eqzbee3CA59BB5.tmp [2936.2948] ZwSetValueKey SSDT 866C9D8D eqzbee3CA59BB5.tmp [2936.2948] ZwShutdownSystem SSDT 866CBCD5 eqzbee3CA59BB5.tmp [2936.2948] ZwSuspendThread SSDT 866CBC62 eqzbee3CA59BB5.tmp [2936.2948] ZwTerminateThread SSDT 866CC3BC eqzbee3CA59BB5.tmp [2936.2948] ZwWriteVirtualMemory ---- Threads - GMER 1.0.15 ---- Thread eqzbee3CA59BB5.tmp [2936:2952] SSDT 0x862A6B90 != 0x80501BBC SSDT sphj.sys eqzbee3CA59BB5.tmp [2936.2952] ZwCreateKey [0xF73E90E0] SSDT 866CC1ED eqzbee3CA59BB5.tmp [2936.2952] ZwDeleteValueKey SSDT 866CBE85 eqzbee3CA59BB5.tmp [2936.2952] ZwEnumerateKey SSDT 866CBF9E eqzbee3CA59BB5.tmp [2936.2952] ZwEnumerateValueKey SSDT 866CBDBB eqzbee3CA59BB5.tmp [2936.2952] ZwOpenKey SSDT 866CBAF5 eqzbee3CA59BB5.tmp [2936.2952] ZwOpenProcess SSDT 866CBB7D eqzbee3CA59BB5.tmp [2936.2952] ZwOpenThread SSDT 866CC432 eqzbee3CA59BB5.tmp [2936.2952] ZwProtectVirtualMemory SSDT 866CC609 eqzbee3CA59BB5.tmp [2936.2952] ZwQueryDirectoryFile SSDT sphj.sys eqzbee3CA59BB5.tmp [2936.2952] ZwQueryKey [0xF740220A] SSDT 866CB9A2 eqzbee3CA59BB5.tmp [2936.2952] ZwQuerySystemInformation SSDT sphj.sys eqzbee3CA59BB5.tmp [2936.2952] ZwQueryValueKey [0xF740208A] SSDT 866CC346 eqzbee3CA59BB5.tmp [2936.2952] ZwReadVirtualMemory SSDT 866CBD48 eqzbee3CA59BB5.tmp [2936.2952] ZwSetContextThread SSDT 866CC0DB eqzbee3CA59BB5.tmp [2936.2952] ZwSetValueKey SSDT 866C9D8D eqzbee3CA59BB5.tmp [2936.2952] ZwShutdownSystem SSDT 866CBCD5 eqzbee3CA59BB5.tmp [2936.2952] ZwSuspendThread SSDT 866CBC62 eqzbee3CA59BB5.tmp [2936.2952] ZwTerminateThread SSDT 866CC3BC eqzbee3CA59BB5.tmp [2936.2952] ZwWriteVirtualMemory ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\qyykqd.sys (*** hidden *** ) [BOOT] fcqpqmiarvyyj <-- ROOTKIT !!! Service (*** hidden *** ) [BOOT] wojqnp <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\fcqpqmiarvyyj Reg HKLM\SYSTEM\CurrentControlSet\Services\fcqpqmiarvyyj@ImagePath system32\drivers\qyykqd.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\fcqpqmiarvyyj@DisplayName fcqpqmiarvyyj Reg HKLM\SYSTEM\CurrentControlSet\Services\fcqpqmiarvyyj@Group Boot Bus Extender Reg HKLM\SYSTEM\CurrentControlSet\Services\fcqpqmiarvyyj@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\fcqpqmiarvyyj@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\fcqpqmiarvyyj@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\fcqpqmiarvyyj@_MAIN \??\C:\WINDOWS\system32\MAI1.tmp Reg HKLM\SYSTEM\CurrentControlSet\Services\fcqpqmiarvyyj@RulesData 0x03 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\fcqpqmiarvyyj@krnl_sleepfreq 0x08 0x07 0x00 0x00 Reg HKLM\SYSTEM\CurrentControlSet\Services\fcqpqmiarvyyj@krnl_servers_list 0x68 0x74 0x74 0x70 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2A 0xDE 0x6F 0x25 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\wojqnp@ghivmo 425263655 Reg HKLM\SYSTEM\CurrentControlSet\Services\wojqnp@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\wojqnp@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\wojqnp@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\wojqnp@Group Boot Bus Extender Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2A 0xDE 0x6F 0x25 ... Reg HKLM\SYSTEM\ControlSet003\Services\wojqnp@ghivmo 425263655 Reg HKLM\SYSTEM\ControlSet003\Services\wojqnp@Type 1 Reg HKLM\SYSTEM\ControlSet003\Services\wojqnp@Start 0 Reg HKLM\SYSTEM\ControlSet003\Services\wojqnp@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet003\Services\wojqnp@Group Boot Bus Extender ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\system32\drivers\str.sys 184887 bytes File C:\WINDOWS\system32\drivers\qyykqd.sys 52096 bytes <-- ROOTKIT !!! ---- EOF - GMER 1.0.15 ----