angelofblood | 21.11.2014 14:30 | Oh, and what I forgot to post is the log from GMER.
I hope it helps to find the problem, and thanks to everyone who wants to help me.
GMER log file:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-21 13:06:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2BA3 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\FREDER~1\AppData\Local\Temp\ufloiuog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000771211f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077121390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007712143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007712158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007712191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077121b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077121bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077121d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077121eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077121edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077121f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077121fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077121fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077122272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077122301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077122792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771227b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000771227d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007712282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077122890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077122d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077122d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077123023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007712323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000771233c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077123a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077123ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077123b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077123d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077124190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077171380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077171500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077171530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077171650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077171700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077171d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077171f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771727e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007389146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073891a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073891a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073891a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073891a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077171530 16 bytes [50, 48, B8, 18, 35, B4, EF, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077171380 16 bytes [50, 48, B8, CC, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000771714f0 16 bytes [50, 48, B8, 24, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077171510 48 bytes [50, 48, B8, A0, E3, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077171550 16 bytes [50, 48, B8, F0, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000771715a0 32 bytes [50, 48, B8, 48, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771715e0 16 bytes [50, 48, B8, 30, E3, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077171680 16 bytes [50, 48, B8, 78, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077171800 16 bytes [50, 48, B8, F4, E1, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077172270 16 bytes [50, 48, B8, C4, E3, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771722c0 16 bytes [50, 48, B8, 00, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077172410 16 bytes [50, 48, B8, 8C, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5972] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077171380 16 bytes [50, 48, B8, CC, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000771714f0 16 bytes [50, 48, B8, 24, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077171510 48 bytes [50, 48, B8, A0, E3, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5972] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077171550 16 bytes [50, 48, B8, F0, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000771715a0 32 bytes [50, 48, B8, 48, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771715e0 16 bytes [50, 48, B8, 30, E3, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077171680 16 bytes [50, 48, B8, 78, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077171800 16 bytes [50, 48, B8, F4, E1, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077172270 16 bytes [50, 48, B8, C4, E3, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771722c0 16 bytes [50, 48, B8, 00, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077172410 16 bytes [50, 48, B8, 8C, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077171380 16 bytes [50, 48, B8, CC, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000771714f0 16 bytes [50, 48, B8, 24, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077171510 48 bytes [50, 48, B8, A0, E3, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077171550 16 bytes [50, 48, B8, F0, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000771715a0 32 bytes [50, 48, B8, 48, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771715e0 16 bytes [50, 48, B8, 30, E3, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077171680 16 bytes [50, 48, B8, 78, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077171800 16 bytes [50, 48, B8, F4, E1, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077172270 16 bytes [50, 48, B8, C4, E3, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771722c0 16 bytes [50, 48, B8, 00, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077172410 16 bytes [50, 48, B8, 8C, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000771211f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077121390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007712143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007712158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007712191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077121b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077121bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077121d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077121eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077121edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077121f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077121fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077121fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077122272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077122301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077122792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771227b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000771227d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007712282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077122890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077122d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077122d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077123023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007712323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000771233c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077123a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077123ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077123b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077123d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077124190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077171380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077171500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077171530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077171650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077171700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077171d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077171f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771727e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007389146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073891a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073891a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073891a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073891a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000771211f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077121390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007712143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007712158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007712191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077121b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077121bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077121d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077121eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077121edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077121f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077121fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077121fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077122272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077122301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077122792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771227b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000771227d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007712282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077122890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077122d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077122d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077123023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007712323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000771233c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077123a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077123ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077123b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077123d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077124190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077171380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077171500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077171530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077171650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077171700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077171d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077171f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771727e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007389146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073891a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073891a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073891a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[6560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073891a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000771211f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077121390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007712143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007712158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007712191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077121b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077121bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077121d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077121eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077121edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077121f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077121fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077121fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077122272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077122301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077122792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771227b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000771227d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007712282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077122890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077122d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077122d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077123023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007712323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000771233c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077123a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077123ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077123b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077123d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077124190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077171380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077171500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077171530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077171650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077171700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077171d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077171f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771727e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007389146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073891a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073891a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073891a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073891a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000771211f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077121390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007712143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007712158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007712191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077121b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077121bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077121d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077121eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077121edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077121f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077121fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077121fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077122272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077122301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077122792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771227b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000771227d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007712282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077122890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077122d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077122d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077123023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007712323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000771233c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077123a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077123ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077123b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077123d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077124190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077171380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077171500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077171530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077171650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077171700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077171d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077171f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771727e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007389146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073891a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073891a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073891a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073891a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000771211f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077121390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007712143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007712158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007712191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077121b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077121bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077121d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077121eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077121edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077121f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077121fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077121fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077122272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077122301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077122792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771227b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000771227d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007712282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077122890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077122d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077122d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077123023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007712323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000771233c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077123a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077123ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077123b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077123d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077124190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077171380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077171500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077171530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077171650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077171700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077171d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077171f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771727e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007389146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073891a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073891a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073891a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073891a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d61401 2 bytes JMP 7510b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d61419 2 bytes JMP 7510b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d61431 2 bytes JMP 75188ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d6144a 2 bytes CALL 750e48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d614dd 2 bytes JMP 751887a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d614f5 2 bytes JMP 75188978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d6150d 2 bytes JMP 75188698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d61525 2 bytes JMP 75188a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d6153d 2 bytes JMP 750ffca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d61555 2 bytes JMP 751068ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d6156d 2 bytes JMP 75188f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d61585 2 bytes JMP 75188ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d6159d 2 bytes JMP 7518865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d615b5 2 bytes JMP 750ffd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d615cd 2 bytes JMP 7510b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d616b2 2 bytes JMP 75188e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d616bd 2 bytes JMP 751885f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000771211f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077121390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007712143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007712158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007712191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077121b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077121bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077121d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077121eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077121edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077121f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077121fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077121fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077122272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077122301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077122792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771227b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000771227d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007712282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077122890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077122d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077122d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077123023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007712323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000771233c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077123a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077123ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077123b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077123d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077124190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077171380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077171500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077171530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077171650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077171700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077171d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077171f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771727e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007389146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073891a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073891a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073891a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073891a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077171380 16 bytes [50, 48, B8, CC, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000771714f0 16 bytes [50, 48, B8, 24, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077171510 48 bytes [50, 48, B8, A0, E3, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077171550 16 bytes [50, 48, B8, F0, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000771715a0 32 bytes [50, 48, B8, 48, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771715e0 16 bytes [50, 48, B8, 30, E3, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077171680 16 bytes [50, 48, B8, 78, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077171800 16 bytes [50, 48, B8, F4, E1, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077172270 16 bytes [50, 48, B8, C4, E3, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771722c0 16 bytes [50, 48, B8, 00, E4, 4B, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077172410 16 bytes [50, 48, B8, 8C, E4, 4B, 3F, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000771211f5 8 bytes {JMP 0xd}
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077121390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007712143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007712158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007712191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077121b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077121bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077121d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077121eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077121edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077121f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077121fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077121fd7 8 bytes {JMP 0xb}
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077122272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077122301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077122792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771227b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000771227d2 8 bytes {JMP 0x10}
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007712282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077122890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077122d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077122d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077123023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007712323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000771233c0 16 bytes {JMP 0x4e}
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077123a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077123ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077123b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077123d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077124190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077171380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077171500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077171530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077171650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077171700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077171d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077171f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771727e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007389146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073891a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073891a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073891a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Frederick\Desktop\Gmer-19357.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073891a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\20689d7aec72
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\20689d7aec72 (not active ControlSet)
---- EOF - GMER 2.1 ----