GMER log:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-02 17:30:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD322HJ rev.1AC01118 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kgdiqpow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007790faa4 5 bytes JMP 0000000172f518dd
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910034 5 bytes JMP 0000000172f51ed6
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074ae17fa 2 bytes CALL 759911a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074ae1860 2 bytes CALL 759911a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074ae1942 2 bytes JMP 77037089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074ae194d 2 bytes JMP 7703cba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000778c1401 2 bytes JMP 759bb1ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000778c1419 2 bytes JMP 759bb31a C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000778c1431 2 bytes JMP 75a38f09 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000778c144a 2 bytes CALL 75994885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000778c14dd 2 bytes JMP 75a38802 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000778c14f5 2 bytes JMP 75a389d8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000778c150d 2 bytes JMP 75a386f8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000778c1525 2 bytes JMP 75a38ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000778c153d 2 bytes JMP 759afc78 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000778c1555 2 bytes JMP 759b68bf C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000778c156d 2 bytes JMP 75a38fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000778c1585 2 bytes JMP 75a38b22 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000778c159d 2 bytes JMP 75a386bc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000778c15b5 2 bytes JMP 759afd11 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000778c15cd 2 bytes JMP 759bb2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000778c16b2 2 bytes JMP 75a38e84 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000778c16bd 2 bytes JMP 75a38651 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\vmnat.exe[1688] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 0000000074ad13b0 2 bytes JMP 76465660 C:\Windows\syswow64\SHELL32.dll
.text C:\Windows\SysWOW64\vmnat.exe[1688] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 0000000074ad13c0 2 bytes CALL 75469cee C:\Windows\syswow64\msvcrt.dll
.text ... * 20
.text C:\Windows\SysWOW64\vmnat.exe[1688] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 0000000074ad153e 2 bytes CALL 764f7794 C:\Windows\syswow64\SHELL32.dll
.text C:\Windows\SysWOW64\vmnat.exe[1688] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 0000000074ad1553 2 bytes CALL 759910ff C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077711544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000777118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077711ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077711bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077711d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077711e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077711f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077712248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077712712 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007771276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000777127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077712b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077712be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000777130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077713248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000777137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000777138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077713a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077713fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077714061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000777140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077714216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077714254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000777144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000777146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077714773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077714867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077714986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077714ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077714b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077714d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077714f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077715007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000777151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077716006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000777161be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000777163ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000777163ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077716404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007771645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077716c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007775dca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007775de20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007775de50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007775df70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007775e020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007775e650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007775e8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007775f100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000751b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000751b146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000751b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000751b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000751b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\TurboV\TurboV.exe[3544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000751b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000778c1401 2 bytes JMP 759bb1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000778c1419 2 bytes JMP 759bb31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000778c1431 2 bytes JMP 75a38f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000778c144a 2 bytes CALL 75994885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000778c14dd 2 bytes JMP 75a38802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000778c14f5 2 bytes JMP 75a389d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000778c150d 2 bytes JMP 75a386f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000778c1525 2 bytes JMP 75a38ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000778c153d 2 bytes JMP 759afc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000778c1555 2 bytes JMP 759b68bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000778c156d 2 bytes JMP 75a38fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000778c1585 2 bytes JMP 75a38b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000778c159d 2 bytes JMP 75a386bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000778c15b5 2 bytes JMP 759afd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000778c15cd 2 bytes JMP 759bb2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000778c16b2 2 bytes JMP 75a38e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000778c16bd 2 bytes JMP 75a38651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077711544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000777118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077711ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077711bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077711d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077711e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077711f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077712248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077712712 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007771276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000777127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077712b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077712be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000777130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077713248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000777137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000777138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077713a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077713fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077714061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000777140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077714216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077714254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000777144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000777146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077714773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077714867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077714986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077714ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077714b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077714d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077714f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077715007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000777151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077716006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000777161be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000777163ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000777163ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077716404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007771645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077716c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007775dca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007775de20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007775de50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007775df70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007775e020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007775e650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007775e8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007775f100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000751b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000751b146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000751b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000751b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000751b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe[4472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000751b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077711544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000777118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077711ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077711bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077711d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077711e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077711f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077712248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077712712 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007771276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000777127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077712b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077712be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000777130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077713248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000777137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000777138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077713a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077713fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077714061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000777140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077714216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077714254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000777144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000777146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077714773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077714867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077714986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077714ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077714b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077714d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077714f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077715007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000777151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077716006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000777161be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000777163ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000777163ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077716404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007771645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077716c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007775dca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007775de20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007775de50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007775df70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007775e020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007775e650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007775e8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007775f100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000751b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000751b146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000751b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000751b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000751b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[5512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000751b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077711544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000777118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077711ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077711bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077711d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077711e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077711f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077712248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077712712 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007771276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000777127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077712b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077712be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000777130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077713248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000777137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000777138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077713a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077713fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077714061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000777140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077714216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077714254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000777144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000777146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077714773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077714867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077714986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077714ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077714b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077714d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077714f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077715007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000777151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077716006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000777161be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000777163ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000777163ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077716404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007771645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077716c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007775dca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007775de20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007775de50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007775df70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007775e020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007775e650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007775e8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007775f100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000751b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000751b146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000751b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000751b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000751b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000751b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077711544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000777118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077711ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077711bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077711d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077711e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077711f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077712248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077712712 8 bytes {JMP 0x10}
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007771276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000777127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077712b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077712be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000777130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077713248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000777137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000777138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077713a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077713fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077714061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000777140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077714216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077714254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000777144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000777146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077714773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077714867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077714986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077714ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077714b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077714d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077714f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077715007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000777151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077716006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000777161be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000777163ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000777163ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077716404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007771645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077716c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007775dca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007775de20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007775de50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007775df70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007775e020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007775e650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007775e8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007775f100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000751b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000751b146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000751b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000751b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000751b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Robert\Desktop\Gmer-19357.exe[5588] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000751b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [2344:6040] 000007feeff29688
---- EOF - GMER 2.1 ----
Noch zu erwähnen ist, dass ich MBAM (Premium) besitze und die Untersuchungen mit diesem keine Funde ergaben.
Im Voraus schon mal vielen Dank.
Mit freundlichen Grüßen
Necro