GMER 2.2.19882 - hxxp://www.gmer.net
Rootkit scan 2016-11-10 17:10:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Samsung_SSD_850_EVO_500GB rev.EMT02B6Q 465,76GB
Running: gmer-2.2.19882.exe; Driver: C:\Users\Manu\AppData\Local\Temp\kxldypog.sys
---- User code sections - GMER 2.2 ----
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075191401 2 bytes JMP 7551b233 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075191419 2 bytes JMP 7551b35e C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075191431 2 bytes JMP 75599149 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007519144a 2 bytes CALL 754f4885 C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000751914dd 2 bytes JMP 75598a42 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes JMP 75598c18 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007519150d 2 bytes JMP 75598938 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes JMP 75598d02 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007519153d 2 bytes JMP 7550fcc0 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075191555 2 bytes JMP 75516907 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007519156d 2 bytes JMP 75599201 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075191585 2 bytes JMP 75598d62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007519159d 2 bytes JMP 755988fc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000751915b5 2 bytes JMP 7550fd59 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000751915cd 2 bytes JMP 7551b2f4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes JMP 755990c4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2392] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes JMP 75598891 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775c1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775c1434 8 bytes [50, DE, F6, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c17be 8 bytes [40, DE, F6, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775c1a94 8 bytes [30, DE, F6, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1c15 8 bytes [20, DE, F6, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1d7f 8 bytes [10, DE, F6, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775c1e65 8 bytes [00, DE, F6, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775c20c8 8 bytes [F0, DD, F6, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007760be00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007760bf80 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760bfb0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760c0d0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760c180 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760c7b0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007760ca00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760d260 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073c613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073c6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073c616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073c619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073c619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073c61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775c1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775c1434 8 bytes [50, 6E, F6, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c17be 8 bytes [40, 6E, F6, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775c1a94 8 bytes [30, 6E, F6, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1c15 8 bytes [20, 6E, F6, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1d7f 8 bytes [10, 6E, F6, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775c1e65 8 bytes [00, 6E, F6, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775c20c8 8 bytes [F0, 6D, F6, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007760be00 8 bytes {JMP QWORD [RIP-0x4a1f1]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007760bf80 8 bytes {JMP QWORD [RIP-0x4a207]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760c0d0 8 bytes {JMP QWORD [RIP-0x4a642]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760c180 8 bytes {JMP QWORD [RIP-0x4a9c8]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760c7b0 8 bytes {JMP QWORD [RIP-0x4a512]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007760ca00 8 bytes {JMP QWORD [RIP-0x4a93e]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760d260 8 bytes {JMP QWORD [RIP-0x4b401]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073c613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073c6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073c616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073c619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073c619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073c61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075412bdc 5 bytes JMP 000000005ab28fe6
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075412e7e 5 bytes JMP 000000005ab29050
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075191401 2 bytes JMP 7551b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075191419 2 bytes JMP 7551b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075191431 2 bytes JMP 75599149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007519144a 2 bytes CALL 754f4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751914dd 2 bytes JMP 75598a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes JMP 75598c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007519150d 2 bytes JMP 75598938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes JMP 75598d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007519153d 2 bytes JMP 7550fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075191555 2 bytes JMP 75516907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007519156d 2 bytes JMP 75599201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075191585 2 bytes JMP 75598d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007519159d 2 bytes JMP 755988fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751915b5 2 bytes JMP 7550fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751915cd 2 bytes JMP 7551b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes JMP 755990c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes JMP 75598891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775c1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775c1434 8 bytes [50, 8E, EF, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c17be 8 bytes [40, 8E, EF, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775c1a94 8 bytes [30, 8E, EF, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1c15 8 bytes [20, 8E, EF, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1d7f 8 bytes [10, 8E, EF, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775c1e65 8 bytes [00, 8E, EF, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775c20c8 8 bytes [F0, 8D, EF, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007760be00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007760bf80 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760bfb0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760c0d0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760c180 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760c7b0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007760ca00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760d260 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073c613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073c6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073c616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073c619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073c619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073c61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775c1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775c1434 8 bytes {PUSH RAX; SCASB ; JMP 0x82}
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c17be 8 bytes {SCASB ; JMP 0x82}
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775c1a94 8 bytes [30, AE, EB, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1c15 8 bytes [20, AE, EB, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1d7f 8 bytes [10, AE, EB, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775c1e65 8 bytes [00, AE, EB, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775c20c8 8 bytes {LODSD ; JMP 0x82}
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007760be00 8 bytes {JMP QWORD [RIP-0x4a1f1]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007760bf80 8 bytes {JMP QWORD [RIP-0x4a207]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760c0d0 8 bytes {JMP QWORD [RIP-0x4a642]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760c180 8 bytes {JMP QWORD [RIP-0x4a9c8]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760c7b0 8 bytes {JMP QWORD [RIP-0x4a512]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007760ca00 8 bytes {JMP QWORD [RIP-0x4a93e]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760d260 8 bytes {JMP QWORD [RIP-0x4b401]}
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073c613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073c6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073c616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073c619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073c619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073c61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075191401 2 bytes JMP 7551b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075191419 2 bytes JMP 7551b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075191431 2 bytes JMP 75599149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007519144a 2 bytes CALL 754f4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751914dd 2 bytes JMP 75598a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes JMP 75598c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007519150d 2 bytes JMP 75598938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes JMP 75598d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007519153d 2 bytes JMP 7550fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075191555 2 bytes JMP 75516907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007519156d 2 bytes JMP 75599201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075191585 2 bytes JMP 75598d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007519159d 2 bytes JMP 755988fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751915b5 2 bytes JMP 7550fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751915cd 2 bytes JMP 7551b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes JMP 755990c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes JMP 75598891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775c1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775c1434 8 bytes [50, 5E, F5, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c17be 8 bytes [40, 5E, F5, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775c1a94 8 bytes [30, 5E, F5, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1c15 8 bytes [20, 5E, F5, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1d7f 8 bytes [10, 5E, F5, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775c1e65 8 bytes [00, 5E, F5, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775c20c8 8 bytes [F0, 5D, F5, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007760be00 8 bytes {JMP QWORD [RIP-0x4a1f1]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007760bf80 8 bytes {JMP QWORD [RIP-0x4a207]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760c0d0 8 bytes {JMP QWORD [RIP-0x4a642]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760c180 8 bytes {JMP QWORD [RIP-0x4a9c8]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760c7b0 8 bytes {JMP QWORD [RIP-0x4a512]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007760ca00 8 bytes {JMP QWORD [RIP-0x4a93e]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760d260 8 bytes {JMP QWORD [RIP-0x4b401]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073c613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073c6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073c616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073c619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073c619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073c61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775c1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775c1434 8 bytes [50, 7E, E9, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c17be 8 bytes [40, 7E, E9, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775c1a94 8 bytes [30, 7E, E9, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1c15 8 bytes [20, 7E, E9, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1d7f 8 bytes [10, 7E, E9, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775c1e65 8 bytes [00, 7E, E9, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775c20c8 8 bytes [F0, 7D, E9, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007760be00 8 bytes {JMP QWORD [RIP-0x4a1f1]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007760bf80 8 bytes {JMP QWORD [RIP-0x4a207]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760c0d0 8 bytes {JMP QWORD [RIP-0x4a642]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760c180 8 bytes {JMP QWORD [RIP-0x4a9c8]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760c7b0 8 bytes {JMP QWORD [RIP-0x4a512]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007760ca00 8 bytes {JMP QWORD [RIP-0x4a93e]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760d260 8 bytes {JMP QWORD [RIP-0x4b401]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073c613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073c6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073c616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073c619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073c619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073c61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775c1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775c1434 8 bytes [50, DE, F6, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c17be 8 bytes [40, DE, F6, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775c1a94 8 bytes [30, DE, F6, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1c15 8 bytes [20, DE, F6, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1d7f 8 bytes [10, DE, F6, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775c1e65 8 bytes [00, DE, F6, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775c20c8 8 bytes [F0, DD, F6, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007760be00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007760bf80 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760bfb0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760c0d0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760c180 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760c7b0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007760ca00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760d260 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073c613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073c6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073c616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073c619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073c619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073c61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775c1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775c1434 8 bytes [50, 6E, F2, 7E, 00, 00, 00, ...]
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c17be 8 bytes [40, 6E, F2, 7E, 00, 00, 00, ...]
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775c1a94 8 bytes [30, 6E, F2, 7E, 00, 00, 00, ...]
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1c15 8 bytes [20, 6E, F2, 7E, 00, 00, 00, ...]
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1d7f 8 bytes [10, 6E, F2, 7E, 00, 00, 00, ...]
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775c1e65 8 bytes [00, 6E, F2, 7E, 00, 00, 00, ...]
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775c20c8 8 bytes [F0, 6D, F2, 7E, 00, 00, 00, ...]
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007760be00 8 bytes {JMP QWORD [RIP-0x4a1f1]}
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007760bf80 8 bytes {JMP QWORD [RIP-0x4a207]}
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]}
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760c0d0 8 bytes {JMP QWORD [RIP-0x4a642]}
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760c180 8 bytes {JMP QWORD [RIP-0x4a9c8]}
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760c7b0 8 bytes {JMP QWORD [RIP-0x4a512]}
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007760ca00 8 bytes {JMP QWORD [RIP-0x4a93e]}
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760d260 8 bytes {JMP QWORD [RIP-0x4b401]}
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073c613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073c6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073c616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073c619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073c619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Manu\Downloads\TB\gmer-2.2.19882.exe[7068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073c61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- EOF - GMER 2.2 ----