M4xNamara | 11.12.2013 15:51 | GMER Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-09 16:42:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uxrdapod.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!EngAssociateSurface + 328 fffff960000480f8 8 bytes [E0, B9, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000114100 7 bytes [C0, 92, F3, FF, 01, 9C, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 9 fffff96000114109 2 bytes [06, 02]
.text ... * 108
.text C:\Windows\System32\win32k.sys!BRUSHOBJ_pvGetRbrush + 432 fffff960001cbc88 8 bytes [B8, B5, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!CLIPOBJ_bEnum + 740 fffff960001cc158 8 bytes [74, B6, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngAcquireSemaphoreNoWait + 76 fffff960001cc7e8 8 bytes [40, B7, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngIsSemaphoreSharedByCurrentThread + 24 fffff960001cc8c8 8 bytes [58, B9, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngDeleteSafeSemaphore + 52 fffff960001cc998 8 bytes [04, C0, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngMapSection + 240 fffff960001cd408 8 bytes [24, B4, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 386 fffff960001d2d06 6 bytes {JMP QWORD [RIP+0x3b38c]}
.text C:\Windows\System32\win32k.sys!EngCreateBitmap + 44 fffff960001d4828 8 bytes [F8, B7, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngCreateEvent + 88 fffff960001dd1d8 8 bytes [30, BC, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngDeleteEvent + 40 fffff960001dd208 8 bytes [98, C8, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngRectInRgn + 48 fffff960001dd678 8 bytes [38, BD, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngSetRectRgn + 84 fffff960001dd7f8 8 bytes [F0, C0, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetCurrentCodePage + 20 fffff960001de018 8 bytes [70, CD, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngLockDriverObj + 36 fffff960001f7c98 8 bytes [28, B3, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngCreatePath + 148 fffff960001f87e8 8 bytes [D4, BC, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetPrinterData + 24 fffff960001fe638 8 bytes [C4, C4, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetTickCount + 24 fffff960001fe658 8 bytes [50, BE, 71, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngLoadModuleForWrite + 16 fffff9600020e5e8 8 bytes {CALL QWORD [RAX+0x471c74c]}
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077071465 2 bytes [07, 77]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770714bb 2 bytes [07, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776111f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077611390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007761158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077611b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077611bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077611eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077611f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077611fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077611fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077612272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077612301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077612792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077612890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077612d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077613023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776133c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077613d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074f916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074f91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074f91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074f91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776111f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077611390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007761158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077611b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077611bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077611eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077611f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077611fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077611fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077612272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077612301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077612792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077612890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077612d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077613023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776133c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077613d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074f916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074f91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074f91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074f91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776111f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077611390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007761158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077611b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077611bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077611eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077611f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077611fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077611fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077612272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077612301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077612792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077612890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077612d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077613023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776133c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077613d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074f916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074f91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074f91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074f91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077071465 2 bytes [07, 77]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770714bb 2 bytes [07, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776111f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077611390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007761158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077611b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077611bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077611eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077611f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077611fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077611fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077612272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077612301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077612792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077612890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077612d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077613023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776133c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077613d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074f916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074f91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074f91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074f91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776111f5 8 bytes {JMP 0xd}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077611390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007761158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077611b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077611bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077611eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077611f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077611fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077611fd7 8 bytes {JMP 0xb}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077612272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077612301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077612792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077612890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077612d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077613023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776133c0 16 bytes {JMP 0x4e}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077613d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074f916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074f91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074f91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074f91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776111f5 8 bytes {JMP 0xd}
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077611390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007761158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077611b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077611bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077611eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077611f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077611fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077611fd7 8 bytes {JMP 0xb}
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077612272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077612301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077612792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10}
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077612890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077612d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077613023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776133c0 16 bytes {JMP 0x4e}
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077613d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074f916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074f91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074f91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074f91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776111f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077611390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007761158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077611b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077611bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077611eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077611f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077611fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077611fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077612272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077612301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077612792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077612890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077612d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077613023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776133c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077613d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074f916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074f91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074f91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074f91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077071465 2 bytes [07, 77]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770714bb 2 bytes [07, 77]
.text ... * 2
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776111f5 8 bytes {JMP 0xd}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077611390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007761158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077611b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077611bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077611eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077611f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077611fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077611fd7 8 bytes {JMP 0xb}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077612272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077612301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077612792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077612890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077612d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077613023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776133c0 16 bytes {JMP 0x4e}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077613d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074f916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074f91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074f91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074f91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776111f5 8 bytes {JMP 0xd}
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077611390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007761158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077611b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077611bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077611eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077611f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077611fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077611fd7 8 bytes {JMP 0xb}
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077612272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077612301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077612792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10}
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077612890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077612d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077613023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776133c0 16 bytes {JMP 0x4e}
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077613d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074f916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074f91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074f91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[4344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074f91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800477deb8] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]
---- Threads - GMER 2.1 ----
Thread [1892:856] 0000000077842e65
Thread [1892:1480] 0000000074617950
Thread [1892:2380] 00000000747bc59c
Thread [1892:2352] 00000000747bc59c
Thread [1892:3640] 00000000747bc59c
Thread [1892:3644] 00000000747bc59c
Thread [1892:3208] 00000000738233a8
Thread [1892:3276] 000000007388f5d0
Thread [1892:3652] 000000007388f5d0
Thread [1892:1924] 00000000663c91c4
Thread [1892:3596] 000000007269786a
Thread [1892:3656] 000000005f60fed7
Thread [1892:3852] 000000005f148cba
Thread [1892:3608] 000000005f148cba
Thread [1892:1752] 000000005f148cba
Thread [1892:2600] 00000000770912e5
Thread [1892:2084] 00000000770912e5
Thread [1892:1720] 0000000077843e85
Thread [1892:2864] 000000005f148cba
Thread [1892:3572] 00000000747bc59c
Thread [1892:4232] 0000000077843e85
Thread [1892:4372] 0000000077843e85
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eb9dbaa
Reg HKLM\SYSTEM\CurrentControlSet\services\KLIF\Parameters@LastProcessedRevision 11007287
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eb9dbaa (not active ControlSet)
---- EOF - GMER 2.1 ---- |