GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-03-15 10:09:23 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ADATA_SP550 rev.O1230C 111,79GB Running: fue7ech3.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwdcapoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[912] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077099020 4 bytes [C3, 00, 00, 00] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000000679a47b .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000000679a493 .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000000679a4ab .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4 .text ... * 9 .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000000679a557 .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000000679a56f .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000000679a587 .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000000679a59f .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000000679a5b7 .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000000679a5cf .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000000679a5e7 .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000000679a5ff .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000000679a617 .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000000679a62f .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000005c37ce47 .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000000679a72c .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000000679a737 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 14 bytes {MOV RAX, 0x7fede3772b0; JMP RAX} .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771ebe00 10 bytes {MOV EAX, 0xb3f24; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 10 bytes {MOV EAX, 0xb3ccc; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771ebfd0 10 bytes {MOV EAX, 0xb3d84; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771ec0d0 10 bytes {MOV EAX, 0xb3540; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771ec180 10 bytes {MOV EAX, 0xb3974; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771ec1d0 10 bytes {MOV EAX, 0xb4020; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771ec210 10 bytes {MOV EAX, 0xb3650; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771ec7b0 10 bytes {MOV EAX, 0xb37b4; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000771ecbb0 10 bytes {MOV EAX, 0xb434c; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771ed040 10 bytes {MOV EAX, 0xb3a88; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771ed260 10 bytes {MOV EAX, 0xb3e54; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771ed420 10 bytes {MOV EAX, 0xb41a4; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime 00000000771ed440 10 bytes {MOV EAX, 0xb4288; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771ebe00 10 bytes {MOV EAX, 0x33f24; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 10 bytes {MOV EAX, 0x33ccc; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771ebfd0 10 bytes {MOV EAX, 0x33d84; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771ec0d0 10 bytes {MOV EAX, 0x33540; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771ec180 10 bytes {MOV EAX, 0x33974; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771ec1d0 10 bytes {MOV EAX, 0x34020; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771ec210 10 bytes {MOV EAX, 0x33650; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771ec7b0 10 bytes {MOV EAX, 0x337b4; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000771ecbb0 10 bytes {MOV EAX, 0x3434c; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771ed040 10 bytes {MOV EAX, 0x33a88; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771ed260 10 bytes {MOV EAX, 0x33e54; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771ed420 10 bytes {MOV EAX, 0x341a4; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime 00000000771ed440 10 bytes {MOV EAX, 0x34288; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 1 0000000077099021 11 bytes {MOV EAX, 0xffffffffcba46ebc; INC BYTE [RDI]; ADD [RAX], AL; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\system32\USER32.dll!SetParent 0000000076f88480 10 bytes {MOV EAX, 0x34798; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\system32\USER32.dll!GetWindowThreadProcessId + 208 0000000076f90b00 10 bytes {MOV EAX, 0x349f8; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\system32\USER32.dll!ClientToScreen + 92 0000000076f932b0 10 bytes {MOV EAX, 0x34654; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\system32\USER32.dll!IsDialogMessageW + 400 0000000076f96810 10 bytes {MOV EAX, 0x344e8; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 20 0000000076f976c0 10 bytes {MOV EAX, 0x348b4; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\system32\USER32.dll!SetScrollInfo + 372 0000000076f97ec0 10 bytes {MOV EAX, 0x343fc; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\system32\USER32.dll!SendInput 0000000076fa8c90 10 bytes {MOV EAX, 0x34b10; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007fefedc72f0 5 bytes JMP 000007fefe9600d8 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007feff1d1180 5 bytes JMP 000007fefe9601b8 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007feff1d1210 7 bytes JMP 000007fefe960148 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007feff1d4080 6 bytes JMP 000007fefe960110 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[4944] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007feff1d6260 10 bytes JMP 000007fefe960180 .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[5636] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 1 0000000077099021 11 bytes {MOV EAX, 0xffffffffcba46ebc; INC BYTE [RDI]; ADD [RAX], AL; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[5636] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007fefedc72f0 5 bytes JMP 000007fefe9600d8 .text C:\Windows\system32\AUDIODG.EXE[6064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771ebe00 10 bytes {MOV EAX, 0x33f24; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\AUDIODG.EXE[6064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 10 bytes {MOV EAX, 0x33ccc; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\AUDIODG.EXE[6064] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771ebfd0 10 bytes {MOV EAX, 0x33d84; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\AUDIODG.EXE[6064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771ec0d0 10 bytes {MOV EAX, 0x33540; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\AUDIODG.EXE[6064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771ec180 10 bytes {MOV EAX, 0x33974; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\AUDIODG.EXE[6064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771ec1d0 10 bytes {MOV EAX, 0x34020; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\AUDIODG.EXE[6064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771ec210 10 bytes {MOV EAX, 0x33650; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\AUDIODG.EXE[6064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771ec7b0 10 bytes {MOV EAX, 0x337b4; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\AUDIODG.EXE[6064] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000771ecbb0 10 bytes {MOV EAX, 0x3434c; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\AUDIODG.EXE[6064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771ed040 10 bytes {MOV EAX, 0x33a88; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\AUDIODG.EXE[6064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771ed260 10 bytes {MOV EAX, 0x33e54; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\AUDIODG.EXE[6064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771ed420 10 bytes {MOV EAX, 0x341a4; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\AUDIODG.EXE[6064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime 00000000771ed440 10 bytes {MOV EAX, 0x34288; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771ebe00 10 bytes {MOV EAX, 0x33f24; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 10 bytes {MOV EAX, 0x33ccc; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771ebfd0 10 bytes {MOV EAX, 0x33d84; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771ec0d0 10 bytes {MOV EAX, 0x33540; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771ec180 10 bytes {MOV EAX, 0x33974; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771ec1d0 10 bytes {MOV EAX, 0x34020; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771ec210 10 bytes {MOV EAX, 0x33650; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771ec7b0 10 bytes {MOV EAX, 0x337b4; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000771ecbb0 10 bytes {MOV EAX, 0x3434c; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771ed040 10 bytes {MOV EAX, 0x33a88; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771ed260 10 bytes {MOV EAX, 0x33e54; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771ed420 10 bytes {MOV EAX, 0x341a4; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime 00000000771ed440 10 bytes {MOV EAX, 0x34288; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\conhost.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771ebe00 10 bytes {MOV EAX, 0x33f24; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\conhost.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 10 bytes {MOV EAX, 0x33ccc; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\conhost.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771ebfd0 10 bytes {MOV EAX, 0x33d84; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\conhost.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771ec0d0 10 bytes {MOV EAX, 0x33540; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\conhost.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771ec180 10 bytes {MOV EAX, 0x33974; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\conhost.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771ec1d0 10 bytes {MOV EAX, 0x34020; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\conhost.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771ec210 10 bytes {MOV EAX, 0x33650; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\conhost.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771ec7b0 10 bytes {MOV EAX, 0x337b4; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\conhost.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000771ecbb0 10 bytes {MOV EAX, 0x3434c; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\conhost.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771ed040 10 bytes {MOV EAX, 0x33a88; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\conhost.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771ed260 10 bytes {MOV EAX, 0x33e54; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\conhost.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771ed420 10 bytes {MOV EAX, 0x341a4; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\conhost.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime 00000000771ed440 10 bytes {MOV EAX, 0x34288; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771ebe00 7 bytes [48, B8, 60, 04, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000771ebe08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000771ebf70 7 bytes [48, B8, E0, 04, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000771ebf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771ebf90 7 bytes [48, B8, D0, 08, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771ebf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000771ebfa0 7 bytes [48, B8, C0, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000771ebfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 7 bytes [48, B8, 40, 03, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771ebfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771ebfd0 7 bytes [48, B8, B0, 03, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771ebfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000771ec020 7 bytes [48, B8, 50, 05, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000771ec028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000771ec030 7 bytes [48, B8, 20, 09, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000771ec038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771ec060 7 bytes [48, B8, 40, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000771ec068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000771ec100 7 bytes [48, B8, 80, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000771ec108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771ec280 7 bytes [48, B8, C0, 05, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771ec288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000771eccf0 7 bytes [48, B8, 00, 09, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000771eccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771ecd40 7 bytes [48, B8, A0, 08, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000771ecd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000771ece90 7 bytes [48, B8, A0, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000771ece98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771ebe00 7 bytes [48, B8, 60, 04, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000771ebe08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000771ebf70 7 bytes [48, B8, E0, 04, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000771ebf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771ebf90 7 bytes [48, B8, D0, 08, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771ebf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000771ebfa0 7 bytes [48, B8, C0, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000771ebfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 7 bytes [48, B8, 40, 03, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771ebfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771ebfd0 7 bytes [48, B8, B0, 03, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771ebfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000771ec020 7 bytes [48, B8, 50, 05, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000771ec028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000771ec030 7 bytes [48, B8, 20, 09, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000771ec038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771ec060 7 bytes [48, B8, 40, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000771ec068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000771ec100 7 bytes [48, B8, 80, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000771ec108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771ec280 7 bytes [48, B8, C0, 05, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771ec288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000771eccf0 7 bytes [48, B8, 00, 09, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000771eccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771ecd40 7 bytes [48, B8, A0, 08, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000771ecd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000771ece90 7 bytes [48, B8, A0, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000771ece98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771ebe00 7 bytes [48, B8, 60, 04, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000771ebe08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000771ebf70 7 bytes [48, B8, E0, 04, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000771ebf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771ebf90 7 bytes [48, B8, D0, 08, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771ebf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000771ebfa0 7 bytes [48, B8, C0, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000771ebfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 7 bytes [48, B8, 40, 03, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771ebfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771ebfd0 7 bytes [48, B8, B0, 03, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771ebfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000771ec020 7 bytes [48, B8, 50, 05, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000771ec028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000771ec030 7 bytes [48, B8, 20, 09, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000771ec038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771ec060 7 bytes [48, B8, 40, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000771ec068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000771ec100 7 bytes [48, B8, 80, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000771ec108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771ec280 7 bytes [48, B8, C0, 05, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771ec288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000771eccf0 7 bytes [48, B8, 00, 09, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000771eccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771ecd40 7 bytes [48, B8, A0, 08, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000771ecd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000771ece90 7 bytes [48, B8, A0, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000771ece98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771ebe00 7 bytes [48, B8, 60, 04, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000771ebe08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000771ebf70 7 bytes [48, B8, E0, 04, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000771ebf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771ebf90 7 bytes [48, B8, D0, 08, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771ebf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000771ebfa0 7 bytes [48, B8, C0, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000771ebfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 7 bytes [48, B8, 40, 03, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771ebfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771ebfd0 7 bytes [48, B8, B0, 03, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771ebfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000771ec020 7 bytes [48, B8, 50, 05, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000771ec028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000771ec030 7 bytes [48, B8, 20, 09, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000771ec038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771ec060 7 bytes [48, B8, 40, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000771ec068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000771ec100 7 bytes [48, B8, 80, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000771ec108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771ec280 7 bytes [48, B8, C0, 05, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771ec288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000771eccf0 7 bytes [48, B8, 00, 09, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000771eccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771ecd40 7 bytes [48, B8, A0, 08, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000771ecd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000771ece90 7 bytes [48, B8, A0, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000771ece98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\wuauclt.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771ebe00 10 bytes {MOV EAX, 0x33f24; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\wuauclt.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 10 bytes {MOV EAX, 0x33ccc; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\wuauclt.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771ebfd0 10 bytes {MOV EAX, 0x33d84; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\wuauclt.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771ec0d0 10 bytes {MOV EAX, 0x33540; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\wuauclt.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771ec180 10 bytes {MOV EAX, 0x33974; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\wuauclt.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771ec1d0 10 bytes {MOV EAX, 0x34020; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\wuauclt.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771ec210 10 bytes {MOV EAX, 0x33650; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\wuauclt.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771ec7b0 10 bytes {MOV EAX, 0x337b4; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\wuauclt.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000771ecbb0 10 bytes {MOV EAX, 0x3434c; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\wuauclt.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771ed040 10 bytes {MOV EAX, 0x33a88; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\wuauclt.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771ed260 10 bytes {MOV EAX, 0x33e54; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\wuauclt.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771ed420 10 bytes {MOV EAX, 0x341a4; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\system32\wuauclt.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime 00000000771ed440 10 bytes {MOV EAX, 0x34288; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\servicing\TrustedInstaller.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771ebe00 10 bytes {MOV EAX, 0x33f24; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\servicing\TrustedInstaller.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 10 bytes {MOV EAX, 0x33ccc; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\servicing\TrustedInstaller.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771ebfd0 10 bytes {MOV EAX, 0x33d84; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\servicing\TrustedInstaller.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771ec0d0 10 bytes {MOV EAX, 0x33540; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\servicing\TrustedInstaller.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771ec180 10 bytes {MOV EAX, 0x33974; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\servicing\TrustedInstaller.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771ec1d0 10 bytes {MOV EAX, 0x34020; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\servicing\TrustedInstaller.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771ec210 10 bytes {MOV EAX, 0x33650; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\servicing\TrustedInstaller.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771ec7b0 10 bytes {MOV EAX, 0x337b4; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\servicing\TrustedInstaller.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000771ecbb0 10 bytes {MOV EAX, 0x3434c; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\servicing\TrustedInstaller.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771ed040 10 bytes {MOV EAX, 0x33a88; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\servicing\TrustedInstaller.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771ed260 10 bytes {MOV EAX, 0x33e54; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\servicing\TrustedInstaller.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771ed420 10 bytes {MOV EAX, 0x341a4; MOVSXD RAX, EAX; JMP RAX} .text C:\Windows\servicing\TrustedInstaller.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime 00000000771ed440 10 bytes {MOV EAX, 0x34288; MOVSXD RAX, EAX; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771ebe00 7 bytes [48, B8, 60, 04, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000771ebe08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000771ebf70 7 bytes [48, B8, E0, 04, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000771ebf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771ebf90 7 bytes [48, B8, D0, 08, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771ebf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000771ebfa0 7 bytes [48, B8, C0, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000771ebfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 7 bytes [48, B8, 40, 03, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771ebfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771ebfd0 7 bytes [48, B8, B0, 03, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771ebfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000771ec020 7 bytes [48, B8, 50, 05, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000771ec028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000771ec030 7 bytes [48, B8, 20, 09, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000771ec038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771ec060 7 bytes [48, B8, 40, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000771ec068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000771ec100 7 bytes [48, B8, 80, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000771ec108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771ec280 7 bytes [48, B8, C0, 05, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771ec288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000771eccf0 7 bytes [48, B8, 00, 09, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000771eccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771ecd40 7 bytes [48, B8, A0, 08, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000771ecd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000771ece90 7 bytes [48, B8, A0, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000771ece98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771ebe00 7 bytes [48, B8, 60, 04, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000771ebe08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000771ebf70 7 bytes [48, B8, E0, 04, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000771ebf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771ebf90 7 bytes [48, B8, D0, 08, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771ebf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000771ebfa0 7 bytes [48, B8, C0, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000771ebfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 7 bytes [48, B8, 40, 03, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771ebfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771ebfd0 7 bytes [48, B8, B0, 03, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771ebfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000771ec020 7 bytes [48, B8, 50, 05, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000771ec028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000771ec030 7 bytes [48, B8, 20, 09, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000771ec038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771ec060 7 bytes [48, B8, 40, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000771ec068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000771ec100 7 bytes [48, B8, 80, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000771ec108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771ec280 7 bytes [48, B8, C0, 05, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771ec288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000771eccf0 7 bytes [48, B8, 00, 09, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000771eccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771ecd40 7 bytes [48, B8, A0, 08, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000771ecd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000771ece90 7 bytes [48, B8, A0, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000771ece98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000771ebe00 7 bytes [48, B8, 60, 04, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000771ebe08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000771ebf70 7 bytes [48, B8, E0, 04, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000771ebf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771ebf90 7 bytes [48, B8, D0, 08, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771ebf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000771ebfa0 7 bytes [48, B8, C0, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000771ebfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771ebfb0 7 bytes [48, B8, 40, 03, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771ebfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771ebfd0 7 bytes [48, B8, B0, 03, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771ebfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000771ec020 7 bytes [48, B8, 50, 05, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000771ec028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000771ec030 7 bytes [48, B8, 20, 09, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000771ec038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771ec060 7 bytes [48, B8, 40, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000771ec068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000771ec100 7 bytes [48, B8, 80, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000771ec108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771ec280 7 bytes [48, B8, C0, 05, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771ec288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000771eccf0 7 bytes [48, B8, 00, 09, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000771eccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771ecd40 7 bytes [48, B8, A0, 08, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000771ecd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000771ece90 7 bytes [48, B8, A0, 06, B9, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000771ece98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 1 00000000773a0ee9 3 bytes [B6, 46, 1B] .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 5 00000000773a0eed 2 bytes {JMP RAX} .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemTime + 1 00000000773a1c25 3 bytes [1F, 46, 1B] .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemTime + 5 00000000773a1c29 2 bytes {JMP RAX} .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\syswow64\USER32.dll!GetPropW + 126 00000000754172a5 3 bytes [5E, 48, 1B] .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\syswow64\USER32.dll!GetPropW + 130 00000000754172a9 2 bytes {JMP RAX} .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\syswow64\USER32.dll!IsProcessDPIAware + 14 00000000754181b4 3 bytes [55, 49, 1B] .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\syswow64\USER32.dll!IsProcessDPIAware + 18 00000000754181b8 2 bytes {JMP RAX} .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\syswow64\USER32.dll!RegisterClassW + 379 0000000075418be0 3 bytes [11, 4C, 1B] .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\syswow64\USER32.dll!RegisterClassW + 383 0000000075418be4 2 bytes {JMP RAX} .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\syswow64\USER32.dll!TranslateAcceleratorW + 64 000000007542129e 3 bytes [30, 4B, 1B] .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\syswow64\USER32.dll!TranslateAcceleratorW + 68 00000000754212a2 2 bytes {JMP RAX} .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\syswow64\USER32.dll!SetParent + 1 00000000754245cd 3 bytes [41, 4A, 1B] .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\syswow64\USER32.dll!SetParent + 5 00000000754245d1 2 bytes {JMP RAX} .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\syswow64\USER32.dll!SendInput + 1 000000007543ff2b 3 bytes [40, 4D, 1B] .text C:\Users\Admin\Downloads\fue7ech3.exe[6944] C:\Windows\syswow64\USER32.dll!SendInput + 5 000000007543ff2f 2 bytes {JMP RAX} ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5996] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7939010] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5996] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7938874] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5996] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7938ff8] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5996] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed7939244] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5996] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed68f2348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7939010] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7938874] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7938ff8] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed7939244] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed68f2348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7939010] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7938874] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7938ff8] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed7939244] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5040] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed68f2348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7939010] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7938874] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7938ff8] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed7939244] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4160] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed68f2348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7939010] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7938874] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7938ff8] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed7939244] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7688] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed68f2348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed7939010] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed7938874] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed7938ff8] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed7939244] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6580] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed68f2348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\svchost.exe [988:4412] 000007fed492506c Thread C:\Windows\system32\svchost.exe [988:4420] 000007fed9ba1c20 Thread C:\Windows\system32\svchost.exe [988:4428] 000007fed9ba1c20 Thread C:\Windows\system32\svchost.exe [988:8072] 000007fee6b65124 Thread C:\Windows\system32\svchost.exe [988:4180] 000007fef82da07c Thread C:\Windows\system32\svchost.exe [988:2732] 000007fef23e4164 Thread C:\Windows\system32\svchost.exe [988:7112] 000007feeb325170 Thread C:\Windows\system32\svchost.exe [988:7980] 000007feeb325170 Thread C:\Windows\system32\svchost.exe [988:7352] 000007fef82da07c Thread C:\Windows\system32\svchost.exe [988:6908] 000007fef1611ab0 Thread C:\Windows\system32\svchost.exe [988:5344] 000007feeadeb68c Thread C:\Windows\system32\svchost.exe [988:5192] 000007feeadeb68c Thread C:\Windows\System32\WUDFHost.exe [1908:1944] 0000000073353810 Thread C:\Windows\System32\WUDFHost.exe [1908:1948] 0000000073353810 Thread C:\Windows\System32\WUDFHost.exe [1908:1952] 0000000073353810 Thread C:\Windows\System32\WUDFHost.exe [1908:1984] 0000000073353810 Thread C:\Windows\System32\WUDFHost.exe [1908:4132] 0000000073353810 Thread C:\Windows\System32\spoolsv.exe [1836:7844] 000007fef7f110c8 Thread C:\Windows\System32\spoolsv.exe [1836:6792] 000007fef7a26144 Thread C:\Windows\System32\spoolsv.exe [1836:7856] 000007fee1ea5fd0 Thread C:\Windows\System32\spoolsv.exe [1836:6568] 000007fef7f03438 Thread C:\Windows\System32\spoolsv.exe [1836:6752] 000007fee1ea63ec Thread C:\Windows\System32\spoolsv.exe [1836:6884] 000007fef82b5e5c Thread C:\Windows\System32\spoolsv.exe [1836:6772] 000007fef81e8760 Thread C:\Windows\system32\svchost.exe [2212:2824] 000007fef13935c0 Thread C:\Windows\system32\svchost.exe [2212:4764] 000007fef1395600 Thread C:\Windows\system32\svchost.exe [2212:7156] 000007feca782888 Thread C:\Windows\system32\svchost.exe [2212:4268] 000007feca642940 Thread C:\Windows\System32\svchost.exe [2736:2888] 000007fee73ba1b0 Thread C:\Windows\System32\svchost.exe [2736:2900] 000007fee73a06e0 Thread C:\Windows\System32\svchost.exe [2736:2920] 000007fee73a06d0 Thread C:\Windows\System32\svchost.exe [2736:2924] 000007fee7366d60 Thread C:\Windows\System32\svchost.exe [2736:2928] 000007fee7378d40 Thread C:\Windows\System32\svchost.exe [2736:2932] 000007fee7366d50 Thread C:\Windows\System32\svchost.exe [2736:2936] 000007fee73dc380 Thread C:\Windows\SysWOW64\ntdll.dll [1604:2612] 000000000022f59b Thread C:\Windows\SysWOW64\ntdll.dll [1604:3188] 0000000072fed5b0 Thread C:\Windows\SysWOW64\ntdll.dll [1604:3376] 0000000072fed5b0 Thread C:\Windows\SysWOW64\ntdll.dll [1604:3412] 0000000072fed5b0 Thread C:\Windows\SysWOW64\ntdll.dll [1604:3416] 0000000072fed5b0 Thread C:\Windows\SysWOW64\ntdll.dll [1604:3428] 0000000072fed5b0 Thread C:\Windows\SysWOW64\ntdll.dll [1604:3432] 0000000072fed5b0 Thread C:\Windows\SysWOW64\ntdll.dll [1604:3436] 0000000072fed5b0 Thread C:\Windows\SysWOW64\ntdll.dll [1604:3456] 0000000072fed5b0 Thread C:\Windows\System32\svchost.exe [3664:7900] 000007feca4d9688 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6432:7648] 000007fefa112be0 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6432:7676] 000007fec8188a28 Thread C:\Windows\system32\taskhost.exe [3548:1720] 000007fed411ee1c ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{A497AD70-C44E-4F83-ABF5-7E1B71FC9832}\Connection@Name isatap.{A762F05E-F1AF-4B8D-A657-FE5366087EEF} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{C7225F1D-FFCA-470E-B3BC-738D5D44BD29}?\Device\{5FE55777-92F1-4D51-9A08-C48EA96B9AA9}?\Device\{B25E289B-CD1D-4D7D-AF44-94A405018872}?\Device\{3144446E-C194-48B3-9300-04D607731E7A}?\Device\{86EDF8C1-FE1D-496E-B498-BB1CFB64752B}?\Device\{A497AD70-C44E-4F83-ABF5-7E1B71FC9832}?\Device\{EABB6F72-A653-4BA7-B17F-3E10C1F28388}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{C7225F1D-FFCA-470E-B3BC-738D5D44BD29}"?"{5FE55777-92F1-4D51-9A08-C48EA96B9AA9}"?"{B25E289B-CD1D-4D7D-AF44-94A405018872}"?"{3144446E-C194-48B3-9300-04D607731E7A}"?"{86EDF8C1-FE1D-496E-B498-BB1CFB64752B}"?"{A497AD70-C44E-4F83-ABF5-7E1B71FC9832}"?"{EABB6F72-A653-4BA7-B17F-3E10C1F28388}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{C7225F1D-FFCA-470E-B3BC-738D5D44BD29}?\Device\TCPIP6TUNNEL_{5FE55777-92F1-4D51-9A08-C48EA96B9AA9}?\Device\TCPIP6TUNNEL_{B25E289B-CD1D-4D7D-AF44-94A405018872}?\Device\TCPIP6TUNNEL_{3144446E-C194-48B3-9300-04D607731E7A}?\Device\TCPIP6TUNNEL_{86EDF8C1-FE1D-496E-B498-BB1CFB64752B}?\Device\TCPIP6TUNNEL_{A497AD70-C44E-4F83-ABF5-7E1B71FC9832}?\Device\TCPIP6TUNNEL_{EABB6F72-A653-4BA7-B17F-3E10C1F28388}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ??????????????????????????????Zisatap.{D99EBE02-28EF-48D0-8C5E-13E308894787}????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????2Karta Microsoft ISATAP #5????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\184f320d3108 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\184f320d5da2 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\185e0f218cba Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\185e0f21cfb3 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\484520b58eab Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cbb589fbbc8 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cbb589fbbfc Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cbb58ac0049 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\acb57df1257e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\d85de239a72c Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3144446E-C194-48B3-9300-04D607731E7A}@InterfaceName isatap.{013F33B2-9C57-4E49-8F41-90E48B08DBB5} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3144446E-C194-48B3-9300-04D607731E7A}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A497AD70-C44E-4F83-ABF5-7E1B71FC9832}@InterfaceName isatap.{A762F05E-F1AF-4B8D-A657-FE5366087EEF} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A497AD70-C44E-4F83-ABF5-7E1B71FC9832}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???i????Wolumin uniwersalny??4???i?i?????i?i????????????????????????LegacyDriver?v????N??i???3?????3?3??? B??i???/??????????????????????????Rasl2tp??1???i???i???i??{8ECC055D-047F-11D1-A537-0000F8753ED1}??????Security Processor Loader Driver?????i?i?i?i?i?i?i???????????4?????????????????????????s?0???????i???e??sy??sy???????????4???????????????_???????e??USB??????????????.?????s????LegacyDriver??????N??i???a????D.in??{8ECC055D-047F-11D1-A537-0000F8753ED1}?1.1??? ^??i???s?????s????@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100? BI???i?i?i?i?i?i?i???????????4??????7???? b??i?????????chi???i?i?i?i?i?i?i??mouclass?????????????????????????????i???????3??usbhub?????????????????????s?????????????????????????????????????j?j????????f0??{8ECC055D-047F-11D1-A537-0000F8753ED1}???3??@%systemroot%\system32\drivers\RDPENCDD.sys,-101?M???????????6??????54?????????????????s?????i??USB?????? \??i???-?????D-R???????_???????e????X??????????????????????j?j?i???????????????????g??????me??volume.inf???????????????4???????i?i??????? Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???w????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|??????????w??????????????????????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|?????????w??????????????e????????w???;???????????????????w???;?????????P?????????????????????w???;???????????;???????????}?}?P???x?x?w???????w???????????????e???z?z?z???w???w??????????????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|?????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31305|Desc=@F Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\184f320d3108 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\184f320d5da2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\185e0f218cba (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\185e0f21cfb3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\484520b58eab (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cbb589fbbc8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cbb589fbbfc (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cbb58ac0049 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\acb57df1257e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\d85de239a72c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???o?s?????????????????????????????????????????????????????g????????????????? ???????o?????o?????o?????????????? ??????????????????????????????o????? ???????o???????????o???????????????????????????????????????????o?????o????? ???????o?????o????????????????????????????? ???????o???????????o????????0????????M???????????????????????????????????????????????????? ??????????????????? ??????????????????????????????????????s????? ???????????????????????o??????p???? ???????????????????????????????????????o?o?o?o?o?o?o?o?o??????????????????????? ???????n???????????o??????????V????????a???o????:??o????????h?????system32\drivers\amdxata.sys????SCSI miniport?????V??o???????????d??amdsata.inf_amd64_neutral_fa9a4835d180b5fc???????o?o?o?o?o?oin??LocalSystem?????????????????t????t?p?t?t?t??????????? ???????n?????o?????o??????????R???????D?????R??o?????????e????@%systemroot%\system32\appidsvc.dll,-102??????N??o??????????????\SystemRoot\system32\drivers\appid.sys????????R??o?????????n????@%systemroot%\system32\appidsvc.dll,-10 Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???o?????????????????????????????????}??????ta??????ta???o?????? ????\?g\U????6??o??????????????EPFW Filter Driver?ata????2??o????????h??????p?l?p?s?8????~??w???7???????A??system32\DRIVERS\epfwwfpr.sys???ELAN PS/2 Port Input Device??????????o??????p???Pointer Port??????L??|?????????e?????????????w???i??????F2????????????????????8??o?????????e?????o?o?o?o?o?o?o??????????????????????????t???????????????????????%systemroot%\system32\netevent.dll;%systemroot%\system32\iologmsg.dll???WPD??o??%SystemRoot%\system32\winevt\Logs\Application.evtx???????????????????e????????????????n??????? ??o???????=?????????????????????s?????????????????????????????????v??\SystemRoot\system32\drivers\cmdide.sys??.??System Bus Extender???????R??o???????????d??mshdc.inf_amd64_neutral_a69a58a4286f0b22?????o?o?o?o?o?o????@%systemroot%\system32\cscsvc.dll,-203???????|?|?z??????????14???????????????k???3?????e*I???????????????????????????9??????????system32\DRIVERS\eamonm.sys?55??55????????????????????????(??o????????????D??s????????????? ---- Files - GMER 2.2 ---- File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000414 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030ac 28562 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030ad 28927 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030ae 32318 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030b3 32038 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030b5 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030b6 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030b7 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030b8 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030b9 20750 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030ba 21009 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030bb 26990 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030bc 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030bd 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030be 18182 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003087 37541 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003088 95442 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00308a 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00308b 27304 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00308c 23249 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00308d 26744 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00308e 16753 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00308f 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003090 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003091 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003092 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003093 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003094 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003095 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003096 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0024a0 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003098 114937 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003099 111484 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00309a 16447 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00309b 21689 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00309c 207123 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00309d 29252 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00309e 37726 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00309f 157595 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030a0 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030a1 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030a2 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030a3 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030a4 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030a5 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030a6 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030a7 18786 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030a8 44143 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030a9 16753 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030aa 18778 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002083 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002086 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0020a8 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002087 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003097 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000988 134372 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030ab 30367 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0030bf 17112 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00328b 64425 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002a12 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002a16 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003030 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003059 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00306d 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003029 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00302a 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00302b 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00302c 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00302d 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00302e 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00302f 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00305a 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00305d 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00305e 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003060 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003061 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003062 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003063 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003064 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003065 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003066 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003067 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003068 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003069 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00306a 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00306b 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00306c 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003031 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003032 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003033 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003034 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003035 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003036 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003037 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003038 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003039 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00303a 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00303b 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00303c 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00303d 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00303e 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00303f 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003051 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003055 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003058 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00306e 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00306f 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003070 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003071 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003072 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003073 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003078 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003079 441679 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00307a 0 bytes File C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00307d 0 bytes ---- EOF - GMER 2.2 ----