Mbar found nothing, here is the report:
Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
Database version:
main: v2015.02.09.10
rootkit: v2015.02.03.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Niko :: QUESTMASTER3000 [administrator]
09.02.2015 22:28:19
mbar-log-2015-02-09 (22-28-19).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 367075
Time elapsed: 12 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
And here is the missing GMER log:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-09 22:04:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Niko\AppData\Local\Temp\fwldiaoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072ec1a22 2 bytes [EC, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072ec1ad0 2 bytes [EC, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072ec1b08 2 bytes [EC, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072ec1bba 2 bytes [EC, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072ec1bda 2 bytes [EC, 72]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077671398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007767143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077671594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007767191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077671bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077671d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077671edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077671fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776727d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007767282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077672898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077672d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077672d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007767323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077673a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077673ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077673b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077674190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077674241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077674434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077674a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077674b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077674c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077674d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077674ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077674ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000776750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000776752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000776753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000776755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000776764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007767668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007767687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007767692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077677166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077677dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077677e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776c1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000776c1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776c1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776c1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776c1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776c1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000776c1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776c27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000751213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007512146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000751216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000751219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000751219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075121a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077671398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007767143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077671594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007767191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077671bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077671d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077671edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077671fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776727d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007767282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077672898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077672d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077672d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007767323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077673a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077673ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077673b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077674190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077674241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077674434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077674a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077674b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077674c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077674d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077674ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077674ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000776750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000776752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000776753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000776755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000776764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007767668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007767687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007767692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077677166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077677dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077677e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776c1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000776c1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776c1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776c1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776c1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776c1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000776c1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776c27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000751213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007512146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000751216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000751219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000751219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075121a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077671398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007767143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077671594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007767191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077671bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077671d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077671edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077671fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776727d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007767282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077672898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077672d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077672d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007767323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077673a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077673ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077673b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077674190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077674241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077674434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077674a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077674b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077674c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077674d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077674ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077674ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000776750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000776752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000776753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000776755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000776764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007767668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007767687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007767692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077677166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077677dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077677e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776c1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000776c1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776c1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776c1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776c1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776c1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000776c1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776c27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000751213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007512146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000751216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000751219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000751219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075121a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077671398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007767143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077671594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007767191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077671bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077671d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077671edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077671fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776727d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007767282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077672898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077672d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077672d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007767323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077673a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077673ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077673b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077674190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077674241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077674434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077674a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077674b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077674c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077674d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077674ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077674ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000776750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000776752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000776753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000776755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000776764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007767668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007767687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007767692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077677166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077677dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077677e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776c1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000776c1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776c1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776c1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776c1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776c1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000776c1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776c27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000751213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007512146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000751216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000751219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000751219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075121a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077671398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007767143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077671594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007767191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077671bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077671d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077671edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077671fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776727d2 8 bytes {JMP 0x10}
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007767282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077672898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077672d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077672d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007767323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077673a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077673ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077673b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077674190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077674241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077674434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077674a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077674b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077674c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077674d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077674ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077674ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000776750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000776752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000776753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000776755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000776764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007767668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007767687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007767692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077677166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077677dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077677e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776c1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000776c1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776c1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776c1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776c1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776c1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000776c1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776c27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000751213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007512146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000751216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000751219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000751219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075121a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=26F42A7 TREIBER\Windows XP\Intel\xae Matrix Storage Manager\Setup.exe 1
---- EOF - GMER 2.1 ----