GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-03-07 21:11:18 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AK1 465,76GB Running: 0gjr2tdu.exe; Driver: C:\Users\pawel\AppData\Local\Temp\kgdoyfog.sys ---- User code sections - GMER 2.1 ---- ? C:\Windows\system32\mssprxy.dll [2840] entry point in ".rdata" section 00000000744d71e6 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, 6A, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, 6A, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes [B0, 6A, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, 6A, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [6A, F6, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, 6A, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes [70, 6A, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075fc1401 2 bytes JMP 74feb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075fc1419 2 bytes JMP 74feb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075fc1431 2 bytes JMP 75069011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075fc144a 2 bytes CALL 74fc48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075fc14dd 2 bytes JMP 7506890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075fc14f5 2 bytes JMP 75068ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075fc150d 2 bytes JMP 75068800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075fc1525 2 bytes JMP 75068bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075fc153d 2 bytes JMP 74fdfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075fc1555 2 bytes JMP 74fe6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075fc156d 2 bytes JMP 750690c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075fc1585 2 bytes JMP 75068c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075fc159d 2 bytes JMP 750687c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075fc15b5 2 bytes JMP 74fdfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075fc15cd 2 bytes JMP 74feb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075fc16b2 2 bytes JMP 75068f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075fc16bd 2 bytes JMP 75068759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, AA, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, AA, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes [B0, AA, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, AA, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [AA, EE, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, AA, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes [70, AA, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075fc1401 2 bytes JMP 74feb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075fc1419 2 bytes JMP 74feb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075fc1431 2 bytes JMP 75069011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075fc144a 2 bytes CALL 74fc48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075fc14dd 2 bytes JMP 7506890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075fc14f5 2 bytes JMP 75068ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075fc150d 2 bytes JMP 75068800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075fc1525 2 bytes JMP 75068bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075fc153d 2 bytes JMP 74fdfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075fc1555 2 bytes JMP 74fe6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075fc156d 2 bytes JMP 750690c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075fc1585 2 bytes JMP 75068c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075fc159d 2 bytes JMP 750687c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075fc15b5 2 bytes JMP 74fdfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075fc15cd 2 bytes JMP 74feb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075fc16b2 2 bytes JMP 75068f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075fc16bd 2 bytes JMP 75068759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, 7A, EB, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, 7A, EB, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes {MOV AL, 0x7a; JMP 0x82} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, 7A, EB, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [7A, EB, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, 7A, EB, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes {JO 0x7c; JMP 0x82} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, BA, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, BA, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes [B0, BA, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, BA, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [BA, F4, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, BA, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes [70, BA, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5772] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, 8A, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, 8A, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes [B0, 8A, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, 8A, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [8A, F5, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, 8A, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes [70, 8A, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, 5A, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, 5A, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes [B0, 5A, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, 5A, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [5A, F0, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, 5A, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes [70, 5A, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, 1A, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, 1A, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes [B0, 1A, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, 1A, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [1A, F0, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, 1A, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes [70, 1A, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, 2A, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, 2A, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes [B0, 2A, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, 2A, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [2A, F5, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, 2A, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes [70, 2A, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, 4A, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, 4A, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes [B0, 4A, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, 4A, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [4A, EE, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, 4A, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes [70, 4A, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, AA, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, AA, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes [B0, AA, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, AA, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [AA, F5, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, AA, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes [70, AA, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, CA, F7, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, CA, F7, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes [B0, CA, F7, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, CA, F7, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [CA, F7, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, CA, F7, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes [70, CA, F7, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5608] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, 2A, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, 2A, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes [B0, 2A, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, 2A, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [2A, F6, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, 2A, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes [70, 2A, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, 2A, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, 2A, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes [B0, 2A, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, 2A, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [2A, EA, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, 2A, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes [70, 2A, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, 1A, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, 1A, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes [B0, 1A, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, 1A, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [1A, EC, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, 1A, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes [70, 1A, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076eb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076eb1544 8 bytes [D0, 1A, F1, 7E, 00, 00, 00, ...] .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076eb18ce 8 bytes [C0, 1A, F1, 7E, 00, 00, 00, ...] .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076eb1ba8 8 bytes [B0, 1A, F1, 7E, 00, 00, 00, ...] .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076eb1d25 8 bytes [A0, 1A, F1, 7E, 00, 00, 00, ...] .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 32 0000000076eb1e90 7 bytes [1A, F1, 7E, 00, 00, 00, 00] .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076eb1f75 8 bytes [80, 1A, F1, 7E, 00, 00, 00, ...] .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076eb21d8 8 bytes [70, 1A, F1, 7E, 00, 00, 00, ...] .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076efd480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076efd600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076efd630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076efd750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076efd800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076efde30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076efe080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076efe8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007486146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\pawel\Downloads\0gjr2tdu.exe[4596] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074861a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800372dec0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [892:3828] 000007fefb2d2af8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [892:996] 000007feeef95648 ---- EOF - GMER 2.1 ----