Code:
Alles auswählen Aufklappen ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-15 23:24:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3 SAMSUNG_ rev.CXM0 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\Sven\AppData\Local\Temp\pfldypow.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\PnkBstrA.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d01465 2 bytes [D0, 75]
.text C:\Windows\system32\PnkBstrA.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d014bb 2 bytes [D0, 75]
.text ... * 2
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3924] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 0000000075d01465 2 bytes [D0, 75]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3924] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 0000000075d014bb 2 bytes [D0, 75]
.text ... * 2
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077a511f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077a51fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a527d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077a533c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a53b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077a53d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a54190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077aa1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077aa1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077aa1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077aa1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077aa1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077a511f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077a51fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a527d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077a533c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a53b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077a53d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a54190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077aa1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077aa1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077aa1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077aa1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077aa1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077a511f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077a51fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a527d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077a533c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a53b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077a53d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a54190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077aa1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077aa1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077aa1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077aa1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077aa1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077a511f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077a51fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a527d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077a533c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a53b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077a53d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a54190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077aa1380 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077aa1500 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077aa1530 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077aa1700 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077aa1f80 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077a511f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077a51fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a527d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077a533c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a53b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077a53d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a54190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077aa1380 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077aa1500 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077aa1530 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077aa1700 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077aa1f80 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077a511f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077a51fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a527d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077a533c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a53b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077a53d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a54190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077aa1380 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077aa1500 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077aa1530 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077aa1700 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077aa1f80 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077a511f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077a51fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a527d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077a533c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a53b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077a53d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a54190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077aa1380 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077aa1500 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077aa1530 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077aa1700 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077aa1f80 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077a511f5 8 bytes {JMP 0xd}
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077a51fd7 8 bytes {JMP 0xb}
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a527d2 8 bytes {JMP 0x10}
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077a533c0 16 bytes {JMP 0x4e}
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a53b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077a53d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a54190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077aa1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077aa1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077aa1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077aa1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077aa1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff880048f8fb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002683115883
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002683115883 (not active ControlSet)
---- EOF - GMER 2.1 ----
15.07.2014, 22:57
Baum-Darstellung