GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-03 12:21:32 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e WDC_WD10EZEX-21M2NA0 rev.01.01A01 931,51GB Running: d7wbfz96.exe; Driver: C:\Users\renata\AppData\Local\Temp\agryapod.sys ---- User code sections - GMER 2.2 ---- .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, 5B, 7E, 00, 00, 00, ...] .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, 5B, 7E, 00, 00, 00, ...] .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, 5B, 7E, 00, 00, 00, ...] .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, 5B, 7E, 00, 00, 00, ...] .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, 5B, 7E, 00, 00, 00, ...] .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\gghub.exe[5448] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, 92, FE, 00, 00, 00, ...] .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, 92, FE, 00, 00, 00, ...] .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, 92, FE, 00, 00, 00, ...] .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, 92, FE, 00, 00, 00, ...] .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, 92, FE, 00, 00, 00, ...] .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\AppData\Local\GG\Application\ggapp.exe[5864] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5444] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\CCleaner\CCleaner64.exe[5336] C:\Windows\system32\USER32.dll!ShowScrollBar 00007ffce7941150 5 bytes JMP 00007ffc679b0018 .text C:\Program Files\CCleaner\CCleaner64.exe[5336] C:\Windows\system32\USER32.dll!SetScrollInfo 00007ffce794c760 5 bytes JMP 00007ffc67960018 .text C:\Program Files\CCleaner\CCleaner64.exe[5336] C:\Windows\system32\USER32.dll!GetScrollInfo 00007ffce79566e0 5 bytes JMP 00007ffc67970018 .text C:\Program Files\CCleaner\CCleaner64.exe[5336] C:\Windows\system32\USER32.dll!SetScrollRange 00007ffce79590b0 5 bytes JMP 00007ffc67980018 .text C:\Program Files\CCleaner\CCleaner64.exe[5336] C:\Windows\system32\USER32.dll!SetScrollPos 00007ffce79750d0 5 bytes JMP 00007ffc679f0018 .text C:\Program Files\CCleaner\CCleaner64.exe[5336] C:\Windows\system32\USER32.dll!EnableScrollBar 00007ffce7977340 5 bytes JMP 00007ffc67990018 .text C:\Program Files\CCleaner\CCleaner64.exe[5336] C:\Windows\system32\USER32.dll!GetScrollPos 00007ffce797fcc0 5 bytes JMP 00007ffc679a0018 .text C:\Program Files\CCleaner\CCleaner64.exe[5336] C:\Windows\system32\USER32.dll!GetScrollRange 00007ffce79cedf0 5 bytes JMP 00007ffc679e0018 .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, 1F, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, 1F, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, 1F, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, 1F, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, 1F, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe[4740] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, 82, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, 82, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, 82, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, 82, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, 82, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2624] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, 6D, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, 6D, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, 6D, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, 6D, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, 6D, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1172] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe[5684] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe[5684] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe[5684] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe[5684] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe[5684] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe[5684] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe[5684] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, 9D, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, 9D, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, 9D, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, 9D, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, 9D, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2964] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, 1F, 7F, 00, 00, 00, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, 1F, 7F, 00, 00, 00, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, 1F, 7F, 00, 00, 00, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, 1F, 7F, 00, 00, 00, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, 1F, 7F, 00, 00, 00, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[6876] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, 31, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, 31, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, 31, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, 31, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, 31, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe[6408] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, 06, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, 06, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, 06, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, 06, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, 06, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6480] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, E6, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, E6, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, E6, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, E6, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, E6, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6760] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, 42, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, 42, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, 42, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, 42, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, 42, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7144] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, 7B, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, 7B, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, 7B, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, 7B, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, 7B, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\OTL_www.INSTALKI.pl.exe[7656] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, 54, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, 54, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, 54, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, 54, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, 54, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffce9af4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffce9af4fcc 8 bytes [A0, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffce9af52a6 8 bytes [90, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffce9af549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffce9af583f 8 bytes [70, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffce9af5895 8 bytes [60, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffce9af5a44 8 bytes [50, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffce9af5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffce9b70780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffce9b70900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffce9b70930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffce9b70a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffce9b70b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffce9b711c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffce9b714c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffce9b71d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077cd13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077cd1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077cd1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077cd1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077cd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077cd16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\renata\Downloads\d7wbfz96.exe[7256] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077cd1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\system32\AUDIODG.EXE[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffce9c90000] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\system32\AUDIODG.EXE[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\SYSTEM32\KERNEL32.DLL[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\SYSTEM32\KERNELBASE.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffce9c90000] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\SYSTEM32\combase.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\SYSTEM32\sechost.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\SYSTEM32\kernel.appcore.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\system32\CRYPTBASE.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\system32\bcryptPrimitives.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\SYSTEM32\user32.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\system32\GDI32.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\system32\CRYPTSP.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\system32\rsaenh.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\system32\bcrypt.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\System32\audioses.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffce9c90000] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\System32\AVRT.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffce9c90000] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\System32\AVRT.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\system32\ole32.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtClose] [7ffce9c90010] IAT C:\Windows\system32\AUDIODG.EXE[6240] @ C:\Windows\system32\SETUPAPI.dll[ntdll.dll!NtClose] [7ffce9c90010] ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [856:932] fffff960008de2d0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -835682553 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@ShowSuperHidden 0 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----