Westwest75 | 13.02.2014 16:34 | Das GMER File: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-13 16:06:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 Corsair_ rev.5.02 223,57GB
Running: Gmer-19357.exe; Driver: C:\Users\X-12\AppData\Local\Temp\kxldipob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077301465 2 bytes [30, 77]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773014bb 2 bytes [30, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077301465 2 bytes [30, 77]
.text C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773014bb 2 bytes [30, 77]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[2032] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077dbfaa8 5 bytes JMP 00000001737718a8
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[2032] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dc0038 5 bytes JMP 0000000173771ea1
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[2032] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize + 779 00000000770ab9f8 4 bytes [96, 25, 77, 73]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077301465 2 bytes [30, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773014bb 2 bytes [30, 77]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077301465 2 bytes [30, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773014bb 2 bytes [30, 77]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000075421a22 2 bytes [42, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000075421ad0 2 bytes [42, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000075421b08 2 bytes [42, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000075421bba 2 bytes [42, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000075421bda 2 bytes [42, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077301465 2 bytes [30, 77]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773014bb 2 bytes [30, 77]
.text ... * 2
.text C:\Program Files\OO Software\DiskImage\oodiag.exe[2476] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077ab9b80 13 bytes {MOV R11, 0x13f366cf8; JMP R11}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077301465 2 bytes [30, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773014bb 2 bytes [30, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077301465 2 bytes [30, 77]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773014bb 2 bytes [30, 77]
.text ... * 2
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077301465 2 bytes [30, 77]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773014bb 2 bytes [30, 77]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077301465 2 bytes [30, 77]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773014bb 2 bytes [30, 77]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077301465 2 bytes [30, 77]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773014bb 2 bytes [30, 77]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077301465 2 bytes [30, 77]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773014bb 2 bytes [30, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077bc11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077bc1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bc143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077bc158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bc191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077bc1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077bc1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bc1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077bc1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bc1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077bc1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077bc1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077bc1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077bc2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077bc2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077bc2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bc27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077bc27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077bc282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077bc2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077bc2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077bc2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077bc3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077bc323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077bc33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077bc3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077bc3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077bc3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077bc3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077bc4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077c11380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077c11500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077c11530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c11700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c11f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000756a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000756a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000756a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000756a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000756a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000756a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000756a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000756a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000756a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000756a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077bc11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077bc1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bc143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077bc158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bc191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077bc1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077bc1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bc1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077bc1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bc1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077bc1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077bc1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077bc1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077bc2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077bc2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077bc2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bc27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077bc27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077bc282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077bc2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077bc2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077bc2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077bc3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077bc323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077bc33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077bc3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077bc3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077bc3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077bc3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077bc4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077c11380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077c11500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077c11530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c11700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c11f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000756a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000756a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000756a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000756a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000756a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000756a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000756a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000756a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000756a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000756a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077bc11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077bc1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bc143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077bc158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bc191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077bc1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077bc1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bc1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077bc1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bc1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077bc1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077bc1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077bc1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077bc2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077bc2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077bc2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bc27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077bc27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077bc282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077bc2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077bc2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077bc2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077bc3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077bc323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077bc33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077bc3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077bc3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077bc3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077bc3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077bc4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077c11380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077c11500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077c11530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c11700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c11f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000756a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000756a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000756a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000756a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000756a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000756a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000756a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000756a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000756a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000756a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077bc11f5 8 bytes {JMP 0xd}
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077bc1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bc143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077bc158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bc191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077bc1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077bc1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bc1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077bc1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bc1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077bc1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077bc1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077bc1fd7 8 bytes {JMP 0xb}
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077bc2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077bc2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077bc2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bc27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077bc27d2 8 bytes {JMP 0x10}
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077bc282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077bc2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077bc2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077bc2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077bc3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077bc323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077bc33c0 16 bytes {JMP 0x4e}
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077bc3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077bc3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077bc3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077bc3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077bc4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077c11380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077c11500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077c11530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c11700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c11f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000756a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000756a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000756a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000756a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000756a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000756a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000756a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000756a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000756a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000756a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077301465 2 bytes [30, 77]
.text C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773014bb 2 bytes [30, 77]
.text ... * 2
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077bc11f5 8 bytes {JMP 0xd}
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077bc1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bc143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077bc158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bc191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077bc1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077bc1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bc1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077bc1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bc1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077bc1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077bc1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077bc1fd7 8 bytes {JMP 0xb}
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077bc2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077bc2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077bc2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bc27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077bc27d2 8 bytes {JMP 0x10}
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077bc282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077bc2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077bc2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077bc2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077bc3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077bc323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077bc33c0 16 bytes {JMP 0x4e}
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077bc3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077bc3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077bc3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077bc3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077bc4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077c11380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077c11500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077c11530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c11700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c11f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000756a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000756a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000756a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000756a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000756a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000756a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000756a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000756a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000756a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000756a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Threads - GMER 2.1 ----
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3468:3484] 00000000761c7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3468:3488] 0000000070e97712
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3468:3520] 0000000077df2e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3468:8132] 0000000077df3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3468:5160] 0000000077df3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3468:6764] 0000000077df3e85
Thread C:\Windows\System32\svchost.exe [6272:3296] 000007fef88c9688
---- Processes - GMER 2.1 ----
Library C:\ProgramData\EPSON\EPSON XP-600 Series\Language\0407.E_SJE0AB.DLL (*** suspicious ***) @ C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNJCE.EXE [5636] (EPSON Status Monitor 3/SEIKO EPSON CORPORATION)(2013-05-17 17:19:38) 00000000003c0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk1\DR1 unknown MBR code
---- EOF - GMER 2.1 ----