GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-19 15:01:53 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB Running: jzybqlr4.exe; Driver: C:\Users\Iras\AppData\Local\Temp\pxldrpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 5 bytes JMP 00000001771300a0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 5 bytes JMP 0000000177130018 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077191710 5 bytes JMP 00000001771303d0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077191790 5 bytes JMP 00000001771301b0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077191830 5 bytes JMP 0000000177130128 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191ce0 5 bytes JMP 0000000177130238 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077191d70 5 bytes JMP 00000001771302c0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077191de0 5 bytes JMP 0000000177130348 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771922a0 5 bytes JMP 0000000177130458 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771922f0 5 bytes JMP 00000001771304e0 .text C:\Windows\system32\taskhost.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 5 bytes JMP 00000001771300a0 .text C:\Windows\system32\taskhost.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 5 bytes JMP 0000000177130018 .text C:\Windows\system32\taskhost.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077191710 5 bytes JMP 00000001771303d0 .text C:\Windows\system32\taskhost.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077191790 5 bytes JMP 00000001771301b0 .text C:\Windows\system32\taskhost.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077191830 5 bytes JMP 0000000177130128 .text C:\Windows\system32\taskhost.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191ce0 5 bytes JMP 0000000177130238 .text C:\Windows\system32\taskhost.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077191d70 5 bytes JMP 00000001771302c0 .text C:\Windows\system32\taskhost.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077191de0 5 bytes JMP 0000000177130348 .text C:\Windows\system32\taskhost.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771922a0 5 bytes JMP 0000000177130458 .text C:\Windows\system32\taskhost.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771922f0 5 bytes JMP 00000001771304e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007733fc30 5 bytes JMP 000000016f3322f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007733fdf4 5 bytes JMP 000000016f332180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007733fe88 5 bytes JMP 000000016f3325b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007733ff54 5 bytes JMP 000000016f332590 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077340048 5 bytes JMP 000000016f3324b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007734077c 5 bytes JMP 000000016f3325d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077340854 5 bytes JMP 000000016f332610 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000773408fc 5 bytes JMP 000000016f332650 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077341058 5 bytes JMP 000000016f3325f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000773410d0 5 bytes JMP 000000016f332630 .text C:\Windows\SysWOW64\ACEngSvr.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 5 bytes JMP 00000001771300a0 .text C:\Windows\SysWOW64\ACEngSvr.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 5 bytes JMP 0000000177130018 .text C:\Windows\SysWOW64\ACEngSvr.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077191710 5 bytes JMP 00000001771303d0 .text C:\Windows\SysWOW64\ACEngSvr.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077191790 5 bytes JMP 00000001771301b0 .text C:\Windows\SysWOW64\ACEngSvr.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077191830 5 bytes JMP 0000000177130128 .text C:\Windows\SysWOW64\ACEngSvr.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191ce0 5 bytes JMP 0000000177130238 .text C:\Windows\SysWOW64\ACEngSvr.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077191d70 5 bytes JMP 00000001771302c0 .text C:\Windows\SysWOW64\ACEngSvr.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077191de0 5 bytes JMP 0000000177130348 .text C:\Windows\SysWOW64\ACEngSvr.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771922a0 5 bytes JMP 0000000177130458 .text C:\Windows\SysWOW64\ACEngSvr.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771922f0 5 bytes JMP 00000001771304e0 .text C:\Windows\system32\Dwm.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 5 bytes JMP 00000001771300a0 .text C:\Windows\system32\Dwm.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 5 bytes JMP 0000000177130018 .text C:\Windows\system32\Dwm.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077191710 5 bytes JMP 00000001771303d0 .text C:\Windows\system32\Dwm.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077191790 5 bytes JMP 00000001771301b0 .text C:\Windows\system32\Dwm.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077191830 5 bytes JMP 0000000177130128 .text C:\Windows\system32\Dwm.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191ce0 5 bytes JMP 0000000177130238 .text C:\Windows\system32\Dwm.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077191d70 5 bytes JMP 00000001771302c0 .text C:\Windows\system32\Dwm.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077191de0 5 bytes JMP 0000000177130348 .text C:\Windows\system32\Dwm.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771922a0 5 bytes JMP 0000000177130458 .text C:\Windows\system32\Dwm.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771922f0 5 bytes JMP 00000001771304e0 .text C:\Windows\Explorer.EXE[5236] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 5 bytes JMP 00000001771300a0 .text C:\Windows\Explorer.EXE[5236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 5 bytes JMP 0000000177130018 .text C:\Windows\Explorer.EXE[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077191710 5 bytes JMP 00000001771303d0 .text C:\Windows\Explorer.EXE[5236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077191790 5 bytes JMP 00000001771301b0 .text C:\Windows\Explorer.EXE[5236] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077191830 5 bytes JMP 0000000177130128 .text C:\Windows\Explorer.EXE[5236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191ce0 5 bytes JMP 0000000177130238 .text C:\Windows\Explorer.EXE[5236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077191d70 5 bytes JMP 00000001771302c0 .text C:\Windows\Explorer.EXE[5236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077191de0 5 bytes JMP 0000000177130348 .text C:\Windows\Explorer.EXE[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771922a0 5 bytes JMP 0000000177130458 .text C:\Windows\Explorer.EXE[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771922f0 5 bytes JMP 00000001771304e0 .text C:\ProgramData\DatacardService\DCSHelper.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007733fc30 5 bytes JMP 000000016f3322f0 .text C:\ProgramData\DatacardService\DCSHelper.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007733fdf4 5 bytes JMP 000000016f332180 .text C:\ProgramData\DatacardService\DCSHelper.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007733fe88 5 bytes JMP 000000016f3325b0 .text C:\ProgramData\DatacardService\DCSHelper.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007733ff54 5 bytes JMP 000000016f332590 .text C:\ProgramData\DatacardService\DCSHelper.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077340048 5 bytes JMP 000000016f3324b0 .text C:\ProgramData\DatacardService\DCSHelper.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007734077c 5 bytes JMP 000000016f3325d0 .text C:\ProgramData\DatacardService\DCSHelper.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077340854 5 bytes JMP 000000016f332610 .text C:\ProgramData\DatacardService\DCSHelper.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000773408fc 5 bytes JMP 000000016f332650 .text C:\ProgramData\DatacardService\DCSHelper.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077341058 5 bytes JMP 000000016f3325f0 .text C:\ProgramData\DatacardService\DCSHelper.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000773410d0 5 bytes JMP 000000016f332630 .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 5 bytes JMP 00000001771300a0 .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 5 bytes JMP 0000000177130018 .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077191710 5 bytes JMP 00000001771303d0 .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077191790 5 bytes JMP 00000001771301b0 .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077191830 5 bytes JMP 0000000177130128 .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191ce0 5 bytes JMP 0000000177130238 .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077191d70 5 bytes JMP 00000001771302c0 .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077191de0 5 bytes JMP 0000000177130348 .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771922a0 5 bytes JMP 0000000177130458 .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771922f0 5 bytes JMP 00000001771304e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007733fc30 5 bytes JMP 000000016f3322f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007733fdf4 5 bytes JMP 000000016f332180 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007733fe88 5 bytes JMP 000000016f3325b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007733ff54 5 bytes JMP 000000016f332590 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077340048 5 bytes JMP 000000016f3324b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007734077c 5 bytes JMP 000000016f3325d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077340854 5 bytes JMP 000000016f332610 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000773408fc 5 bytes JMP 000000016f332650 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077341058 5 bytes JMP 000000016f3325f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000773410d0 5 bytes JMP 000000016f332630 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5628] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007733fc30 5 bytes JMP 000000016f3322f0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5628] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007733fdf4 5 bytes JMP 000000016f332180 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5628] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007733fe88 5 bytes JMP 000000016f3325b0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5628] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007733ff54 5 bytes JMP 000000016f332590 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5628] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077340048 5 bytes JMP 000000016f3324b0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5628] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007734077c 5 bytes JMP 000000016f3325d0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5628] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077340854 5 bytes JMP 000000016f332610 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5628] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000773408fc 5 bytes JMP 000000016f332650 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5628] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077341058 5 bytes JMP 000000016f3325f0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5628] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000773410d0 5 bytes JMP 000000016f332630 .text C:\Windows\system32\SearchIndexer.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 5 bytes JMP 00000001771300a0 .text C:\Windows\system32\SearchIndexer.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 5 bytes JMP 0000000177130018 .text C:\Windows\system32\SearchIndexer.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077191710 5 bytes JMP 00000001771303d0 .text C:\Windows\system32\SearchIndexer.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077191790 5 bytes JMP 00000001771301b0 .text C:\Windows\system32\SearchIndexer.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077191830 5 bytes JMP 0000000177130128 .text C:\Windows\system32\SearchIndexer.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191ce0 5 bytes JMP 0000000177130238 .text C:\Windows\system32\SearchIndexer.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077191d70 5 bytes JMP 00000001771302c0 .text C:\Windows\system32\SearchIndexer.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077191de0 5 bytes JMP 0000000177130348 .text C:\Windows\system32\SearchIndexer.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771922a0 5 bytes JMP 0000000177130458 .text C:\Windows\system32\SearchIndexer.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771922f0 5 bytes JMP 00000001771304e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 5 bytes JMP 00000001771300a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 5 bytes JMP 0000000177130018 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077191710 5 bytes JMP 00000001771303d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077191790 5 bytes JMP 00000001771301b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077191830 5 bytes JMP 0000000177130128 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191ce0 5 bytes JMP 0000000177130238 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077191d70 5 bytes JMP 00000001771302c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077191de0 5 bytes JMP 0000000177130348 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771922a0 5 bytes JMP 0000000177130458 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771922f0 5 bytes JMP 00000001771304e0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6196] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007733fc30 5 bytes JMP 000000016f3322f0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6196] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007733fdf4 5 bytes JMP 000000016f332180 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6196] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007733fe88 5 bytes JMP 000000016f3325b0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6196] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007733ff54 5 bytes JMP 000000016f332590 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6196] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077340048 5 bytes JMP 000000016f3324b0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6196] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007734077c 5 bytes JMP 000000016f3325d0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6196] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077340854 5 bytes JMP 000000016f332610 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6196] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000773408fc 5 bytes JMP 000000016f332650 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6196] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077341058 5 bytes JMP 000000016f3325f0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6196] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000773410d0 5 bytes JMP 000000016f332630 .text C:\Program Files (x86)\AVG\Av\avgui.exe[6204] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007733fc30 5 bytes JMP 000000016f3322f0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[6204] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007733fdf4 5 bytes JMP 000000016f332180 .text C:\Program Files (x86)\AVG\Av\avgui.exe[6204] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007733fe88 5 bytes JMP 000000016f3325b0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[6204] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007733ff54 5 bytes JMP 000000016f332590 .text C:\Program Files (x86)\AVG\Av\avgui.exe[6204] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077340048 5 bytes JMP 000000016f3324b0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[6204] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007734077c 5 bytes JMP 000000016f3325d0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[6204] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077340854 5 bytes JMP 000000016f332610 .text C:\Program Files (x86)\AVG\Av\avgui.exe[6204] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000773408fc 5 bytes JMP 000000016f332650 .text C:\Program Files (x86)\AVG\Av\avgui.exe[6204] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077341058 5 bytes JMP 000000016f3325f0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[6204] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000773410d0 5 bytes JMP 000000016f332630 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3520] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007733fc30 5 bytes JMP 000000016f3322f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3520] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007733fdf4 5 bytes JMP 000000016f332180 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3520] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007733fe88 5 bytes JMP 000000016f3325b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3520] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007733ff54 5 bytes JMP 000000016f332590 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3520] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077340048 5 bytes JMP 000000016f3324b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3520] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007734077c 5 bytes JMP 000000016f3325d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3520] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077340854 5 bytes JMP 000000016f332610 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3520] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000773408fc 5 bytes JMP 000000016f332650 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3520] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077341058 5 bytes JMP 000000016f3325f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3520] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000773410d0 5 bytes JMP 000000016f332630 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes JMP 12520000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes {JMP QWORD [RIP-0x4f7ee]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes {JMP QWORD [RIP-0x4f7f1]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes {JMP QWORD [RIP-0x50157]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes {JMP QWORD [RIP-0x4fd98]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes {JMP QWORD [RIP-0x501d2]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes {JMP QWORD [RIP-0x4f5e6]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes {JMP QWORD [RIP-0x50021]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes {JMP QWORD [RIP-0x50967]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007733fc30 5 bytes JMP 000000016f3322f0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007733fdf4 5 bytes JMP 000000016f332180 .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007733fe88 5 bytes JMP 000000016f3325b0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007733ff54 5 bytes JMP 000000016f332590 .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077340048 5 bytes JMP 000000016f3324b0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007734077c 5 bytes JMP 000000016f3325d0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077340854 5 bytes JMP 000000016f332610 .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000773408fc 5 bytes JMP 000000016f332650 .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077341058 5 bytes JMP 000000016f3325f0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\BitTorrent.exe[7408] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000773410d0 5 bytes JMP 000000016f332630 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[8032] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007733fc30 5 bytes JMP 000000016f3322f0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[8032] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007733fdf4 5 bytes JMP 000000016f332180 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[8032] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007733fe88 5 bytes JMP 000000016f3325b0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[8032] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007733ff54 5 bytes JMP 000000016f332590 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[8032] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077340048 5 bytes JMP 000000016f3324b0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[8032] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007734077c 5 bytes JMP 000000016f3325d0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[8032] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077340854 5 bytes JMP 000000016f332610 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[8032] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000773408fc 5 bytes JMP 000000016f332650 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[8032] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077341058 5 bytes JMP 000000016f3325f0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[8032] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000773410d0 5 bytes JMP 000000016f332630 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[7688] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007733fc30 5 bytes JMP 000000016f3322f0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[7688] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007733fdf4 5 bytes JMP 000000016f332180 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[7688] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007733fe88 5 bytes JMP 000000016f3325b0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[7688] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007733ff54 5 bytes JMP 000000016f332590 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[7688] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077340048 5 bytes JMP 000000016f3324b0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[7688] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007734077c 5 bytes JMP 000000016f3325d0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[7688] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077340854 5 bytes JMP 000000016f332610 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[7688] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000773408fc 5 bytes JMP 000000016f332650 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[7688] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077341058 5 bytes JMP 000000016f3325f0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[7688] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000773410d0 5 bytes JMP 000000016f332630 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes JMP 12520000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 5 bytes JMP 00000001771300a0 .text C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 5 bytes JMP 0000000177130018 .text C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077191710 5 bytes JMP 00000001771303d0 .text C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077191790 5 bytes JMP 00000001771301b0 .text C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077191830 5 bytes JMP 0000000177130128 .text C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191ce0 5 bytes JMP 0000000177130238 .text C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077191d70 5 bytes JMP 00000001771302c0 .text C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077191de0 5 bytes JMP 0000000177130348 .text C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771922a0 5 bytes JMP 0000000177130458 .text C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771922f0 5 bytes JMP 00000001771304e0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes {JMP QWORD [RIP-0x4f7ee]} .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes {JMP QWORD [RIP-0x4f7f1]} .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes {JMP QWORD [RIP-0x50157]} .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes {JMP QWORD [RIP-0x4fd98]} .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes {JMP QWORD [RIP-0x501d2]} .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes {JMP QWORD [RIP-0x4f5e6]} .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes {JMP QWORD [RIP-0x50021]} .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes {JMP QWORD [RIP-0x50967]} .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007733fc30 5 bytes JMP 000000016f3322f0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007733fdf4 5 bytes JMP 000000016f332180 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007733fe88 5 bytes JMP 000000016f3325b0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007733ff54 5 bytes JMP 000000016f332590 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077340048 5 bytes JMP 000000016f3324b0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007734077c 5 bytes JMP 000000016f3325d0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077340854 5 bytes JMP 000000016f332610 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000773408fc 5 bytes JMP 000000016f332650 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077341058 5 bytes JMP 000000016f3325f0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[9412] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000773410d0 5 bytes JMP 000000016f332630 .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007733fc30 5 bytes JMP 000000016f3322f0 .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007733fdf4 5 bytes JMP 000000016f332180 .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007733fe88 5 bytes JMP 000000016f3325b0 .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007733ff54 5 bytes JMP 000000016f332590 .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077340048 5 bytes JMP 000000016f3324b0 .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007734077c 5 bytes JMP 000000016f3325d0 .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077340854 5 bytes JMP 000000016f332610 .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000773408fc 5 bytes JMP 000000016f332650 .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077341058 5 bytes JMP 000000016f3325f0 .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000773410d0 5 bytes JMP 000000016f332630 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes JMP 0 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes JMP 12520000 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes JMP 0 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes JMP 0 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes JMP 12520000 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[6664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes JMP 0 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes {JMP QWORD [RIP-0x4f7ee]} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes {JMP QWORD [RIP-0x4f7f1]} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes {JMP QWORD [RIP-0x50157]} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes {JMP QWORD [RIP-0x4fd98]} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes {JMP QWORD [RIP-0x501d2]} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes {JMP QWORD [RIP-0x4f5e6]} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes {JMP QWORD [RIP-0x50021]} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes {JMP QWORD [RIP-0x50967]} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[7664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes {JMP QWORD [RIP-0x50157]} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes {JMP QWORD [RIP-0x501d2]} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes {JMP QWORD [RIP-0x50021]} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes {JMP QWORD [RIP-0x50967]} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[5428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes {JMP QWORD [RIP-0x50157]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes {JMP QWORD [RIP-0x501d2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes {JMP QWORD [RIP-0x50021]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes {JMP QWORD [RIP-0x50967]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11176] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes {JMP QWORD [RIP-0x50157]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes {JMP QWORD [RIP-0x501d2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes {JMP QWORD [RIP-0x50021]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes {JMP QWORD [RIP-0x50967]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7072] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes JMP 12520000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10432] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\system32\UI0Detect.exe[10580] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 5 bytes JMP 00000001771300a0 .text C:\Windows\system32\UI0Detect.exe[10580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 5 bytes JMP 0000000177130018 .text C:\Windows\system32\UI0Detect.exe[10580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077191710 5 bytes JMP 00000001771303d0 .text C:\Windows\system32\UI0Detect.exe[10580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077191790 5 bytes JMP 00000001771301b0 .text C:\Windows\system32\UI0Detect.exe[10580] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077191830 5 bytes JMP 0000000177130128 .text C:\Windows\system32\UI0Detect.exe[10580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191ce0 5 bytes JMP 0000000177130238 .text C:\Windows\system32\UI0Detect.exe[10580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077191d70 5 bytes JMP 00000001771302c0 .text C:\Windows\system32\UI0Detect.exe[10580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077191de0 5 bytes JMP 0000000177130348 .text C:\Windows\system32\UI0Detect.exe[10580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771922a0 5 bytes JMP 0000000177130458 .text C:\Windows\system32\UI0Detect.exe[10580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771922f0 5 bytes JMP 00000001771304e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes {JMP QWORD [RIP-0x50157]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes {JMP QWORD [RIP-0x501d2]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes {JMP QWORD [RIP-0x50021]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes {JMP QWORD [RIP-0x50967]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\system32\svchost.exe[11192] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 5 bytes JMP 00000001771300a0 .text C:\Windows\system32\svchost.exe[11192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 5 bytes JMP 0000000177130018 .text C:\Windows\system32\svchost.exe[11192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077191710 5 bytes JMP 00000001771303d0 .text C:\Windows\system32\svchost.exe[11192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077191790 5 bytes JMP 00000001771301b0 .text C:\Windows\system32\svchost.exe[11192] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077191830 5 bytes JMP 0000000177130128 .text C:\Windows\system32\svchost.exe[11192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191ce0 5 bytes JMP 0000000177130238 .text C:\Windows\system32\svchost.exe[11192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077191d70 5 bytes JMP 00000001771302c0 .text C:\Windows\system32\svchost.exe[11192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077191de0 5 bytes JMP 0000000177130348 .text C:\Windows\system32\svchost.exe[11192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771922a0 5 bytes JMP 0000000177130458 .text C:\Windows\system32\svchost.exe[11192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771922f0 5 bytes JMP 00000001771304e0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes {JMP QWORD [RIP-0x4f7ee]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes {JMP QWORD [RIP-0x4f7f1]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes {JMP QWORD [RIP-0x50157]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes {JMP QWORD [RIP-0x4fd98]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes {JMP QWORD [RIP-0x501d2]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes {JMP QWORD [RIP-0x4f5e6]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes {JMP QWORD [RIP-0x50021]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes {JMP QWORD [RIP-0x50967]} .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007733fc30 5 bytes JMP 000000016f3322f0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007733fdf4 5 bytes JMP 000000016f332180 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007733fe88 5 bytes JMP 000000016f3325b0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007733ff54 5 bytes JMP 000000016f332590 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077340048 5 bytes JMP 000000016f3324b0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007734077c 5 bytes JMP 000000016f3325d0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077340854 5 bytes JMP 000000016f332610 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000773408fc 5 bytes JMP 000000016f332650 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077341058 5 bytes JMP 000000016f3325f0 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000773410d0 5 bytes JMP 000000016f332630 .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075291465 2 bytes [29, 75] .text C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe[9240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752914bb 2 bytes [29, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes JMP 12520000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3812] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes JMP 12520000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes {JMP QWORD [RIP-0x4f7ee]} .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes {JMP QWORD [RIP-0x4f7f1]} .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes {JMP QWORD [RIP-0x50157]} .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes {JMP QWORD [RIP-0x4fd98]} .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes {JMP QWORD [RIP-0x501d2]} .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes {JMP QWORD [RIP-0x4f5e6]} .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes {JMP QWORD [RIP-0x50021]} .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes {JMP QWORD [RIP-0x50967]} .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007733fc30 5 bytes JMP 000000016f3322f0 .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007733fdf4 5 bytes JMP 000000016f332180 .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007733fe88 5 bytes JMP 000000016f3325b0 .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007733ff54 5 bytes JMP 000000016f332590 .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077340048 5 bytes JMP 000000016f3324b0 .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007734077c 5 bytes JMP 000000016f3325d0 .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077340854 5 bytes JMP 000000016f332610 .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000773408fc 5 bytes JMP 000000016f332650 .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077341058 5 bytes JMP 000000016f3325f0 .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000773410d0 5 bytes JMP 000000016f332630 .text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[7404] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075488799 5 bytes JMP 00000001532c5629 .text C:\Windows\splwow64.exe[12012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 5 bytes JMP 00000001771300a0 .text C:\Windows\splwow64.exe[12012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 5 bytes JMP 0000000177130018 .text C:\Windows\splwow64.exe[12012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077191710 5 bytes JMP 00000001771303d0 .text C:\Windows\splwow64.exe[12012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077191790 5 bytes JMP 00000001771301b0 .text C:\Windows\splwow64.exe[12012] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077191830 5 bytes JMP 0000000177130128 .text C:\Windows\splwow64.exe[12012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191ce0 5 bytes JMP 0000000177130238 .text C:\Windows\splwow64.exe[12012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077191d70 5 bytes JMP 00000001771302c0 .text C:\Windows\splwow64.exe[12012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077191de0 5 bytes JMP 0000000177130348 .text C:\Windows\splwow64.exe[12012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771922a0 5 bytes JMP 0000000177130458 .text C:\Windows\splwow64.exe[12012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771922f0 5 bytes JMP 00000001771304e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes JMP 12520000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes JMP 0 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes JMP 12520000 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes JMP 0 .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe[2596] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes JMP 12520000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes JMP 12520000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\system32\notepad.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 5 bytes JMP 00000001771300a0 .text C:\Windows\system32\notepad.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 5 bytes JMP 0000000177130018 .text C:\Windows\system32\notepad.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077191710 5 bytes JMP 00000001771303d0 .text C:\Windows\system32\notepad.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077191790 5 bytes JMP 00000001771301b0 .text C:\Windows\system32\notepad.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077191830 5 bytes JMP 0000000177130128 .text C:\Windows\system32\notepad.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191ce0 5 bytes JMP 0000000177130238 .text C:\Windows\system32\notepad.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077191d70 5 bytes JMP 00000001771302c0 .text C:\Windows\system32\notepad.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077191de0 5 bytes JMP 0000000177130348 .text C:\Windows\system32\notepad.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771922a0 5 bytes JMP 0000000177130458 .text C:\Windows\system32\notepad.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771922f0 5 bytes JMP 00000001771304e0 .text C:\Windows\system32\notepad.exe[11516] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 5 bytes JMP 00000001771300a0 .text C:\Windows\system32\notepad.exe[11516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 5 bytes JMP 0000000177130018 .text C:\Windows\system32\notepad.exe[11516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077191710 5 bytes JMP 00000001771303d0 .text C:\Windows\system32\notepad.exe[11516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077191790 5 bytes JMP 00000001771301b0 .text C:\Windows\system32\notepad.exe[11516] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077191830 5 bytes JMP 0000000177130128 .text C:\Windows\system32\notepad.exe[11516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191ce0 5 bytes JMP 0000000177130238 .text C:\Windows\system32\notepad.exe[11516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077191d70 5 bytes JMP 00000001771302c0 .text C:\Windows\system32\notepad.exe[11516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077191de0 5 bytes JMP 0000000177130348 .text C:\Windows\system32\notepad.exe[11516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771922a0 5 bytes JMP 0000000177130458 .text C:\Windows\system32\notepad.exe[11516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771922f0 5 bytes JMP 00000001771304e0 .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...] .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes {JMP QWORD [RIP-0x4f7ee]} .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes {JMP QWORD [RIP-0x4f7f1]} .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes {JMP QWORD [RIP-0x50157]} .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes {JMP QWORD [RIP-0x4fd98]} .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes {JMP QWORD [RIP-0x501d2]} .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes {JMP QWORD [RIP-0x4f5e6]} .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes {JMP QWORD [RIP-0x50021]} .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes {JMP QWORD [RIP-0x50967]} .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Iras\Downloads\jzybqlr4.exe[11780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes JMP 12520000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[11456] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077141398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007714143f 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077141594 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007714191e 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077141bf8 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077141d75 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077141edf 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077141fc5 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771427b0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771913e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077191560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771916b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191760 8 bytes JMP 12520000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077191fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077192840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007466146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074661a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff880036b3f58] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2720](2012-04-10 15:53:59) 000000006fbc0000 Library C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2720](2012-04-10 15:53:59) 000000006e940000 Library C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2720](2012-04-10 15:53:59) 000000006a1c0000 Library C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2720](2012-04-10 15:53:59) 000000006ff00000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [3480] 000000006fbc0000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [3480](2011-12-22 14:28:11) 000000006e940000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [3480](2 000000006a1c0000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [3480](2011-12-22 14:28:11) 000000006ff00000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [3480](2011-12-22 14:28:11) 000000006efc0000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [3480](201 000000006ed40000 Library C:\Users\Iras\AppData\Local\GallopingNumerics\MonocytesRemediable.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [2300](2015-11-24 23:00:42) 0000000010000000 Process C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe (*** suspicious ***) @ C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe [8032] (WebHelper/BitTorrent Inc.)(2015-12-01 23:09:30) 0000000001200000 Process C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe (*** suspicious ***) @ C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe [7688] (WebHelper/BitTorrent Inc.)(2015-12-01 23:09:30) 0000000001200000 Process C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe (*** suspicious ***) @ C:\Users\Iras\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe [9240] (WebHelper/BitTorrent Inc.)(2015-12-01 23:09:30) 0000000001200000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b5671d Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b5671d@00219e92bf05 0xA9 0x46 0x71 0x9F ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b5671d@0cddef37ab44 0xDB 0x9D 0x1B 0xD3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b5671d@5cb5249f8e2c 0x7F 0x27 0xAF 0xB6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b5671d@dc85de9e3ce0 0xEC 0x54 0xEB 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b5671d@70aab250d132 0x2D 0xCE 0xA8 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b5671d@68764f304418 0x1A 0xE6 0x40 0x05 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b5671d@502e5c75a1bc 0xF8 0x94 0x71 0x75 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b5671d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b5671d@00219e92bf05 0xA9 0x46 0x71 0x9F ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b5671d@0cddef37ab44 0xDB 0x9D 0x1B 0xD3 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b5671d@5cb5249f8e2c 0x7F 0x27 0xAF 0xB6 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b5671d@dc85de9e3ce0 0xEC 0x54 0xEB 0x76 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b5671d@70aab250d132 0x2D 0xCE 0xA8 0x80 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b5671d@68764f304418 0x1A 0xE6 0x40 0x05 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b5671d@502e5c75a1bc 0xF8 0x94 0x71 0x75 ... ---- EOF - GMER 2.1 ----