GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-05-29 06:56:12 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 PLEXTOR_ rev.1.03 119,24GB Running: utpffnj8.exe; Driver: C:\TEMP\fwliipoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000777bfaa8 5 bytes JMP 0000000171e518dd .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777c0038 5 bytes JMP 0000000171e51ed6 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1880] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize + 779 0000000076fdb9f8 4 bytes [0B, 26, E5, 71] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd6c00b8 .text C:\Windows\system32\taskhost.exe[2856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd6c0038 .text C:\Windows\system32\taskhost.exe[2856] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe647490 5 bytes JMP 000007fffd6c0138 .text C:\Windows\system32\taskhost.exe[2856] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefb13a38c 5 bytes JMP 000007fefd6c02b8 .text C:\Windows\system32\taskhost.exe[2856] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefb154b60 5 bytes JMP 000007fefd6c0238 .text C:\Windows\system32\taskhost.exe[2856] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefb154ba0 5 bytes JMP 000007fefd6c01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe[3412] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000774b6440 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe[3412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd7300b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe[3412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd730038 .text C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe[3412] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefb13a38c 5 bytes JMP 000007fefd7302b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe[3412] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefb154b60 5 bytes JMP 000007fefd730238 .text C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe[3412] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefb154ba0 5 bytes JMP 000007fefd7301b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe[3412] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe647490 5 bytes JMP 000007fffd730138 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3480] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000774b6440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3480] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd7300b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3480] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd730038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3480] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefb13a38c 5 bytes JMP 000007fefd7302b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3480] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefb154b60 5 bytes JMP 000007fefd730238 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3480] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefb154ba0 5 bytes JMP 000007fefd7301b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3480] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe647490 5 bytes JMP 000007fffd730138 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3508] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000774b6440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd7300b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd730038 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3508] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefb13a38c 5 bytes JMP 000007fefd7302b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3508] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefb154b60 5 bytes JMP 000007fefd730238 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3508] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefb154ba0 5 bytes JMP 000007fefd7301b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3508] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe647490 5 bytes JMP 000007fffd730138 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd7300b8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd730038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3920] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000774b6440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd7300b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd730038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3920] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefb13a38c 5 bytes JMP 000007fefd7302b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3920] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefb154b60 5 bytes JMP 000007fefd730238 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3920] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefb154ba0 5 bytes JMP 000007fefd7301b8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76] .text ... * 2 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4128] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76] .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4128] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000775c11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000775c1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000775c158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000775c1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000775c1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000775c1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000775c1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000775c1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000775c1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000775c2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000775c2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000775c2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775c27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775c27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000775c282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000775c2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000775c2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000775c2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000775c3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000775c323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000775c33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000775c3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000775c3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000775c3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000775c3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000775c4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077611380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077611500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077611530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077611650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077611700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077611d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077611f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776127e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000071e716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000071e71a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000071e71a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000071e71a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 00000000768c48db 5 bytes JMP 00000001100027c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000768c48f3 5 bytes JMP 00000001100028a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 00000000768c4925 5 bytes JMP 0000000110002830 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4820] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000766f9d0b 5 bytes JMP 0000000110002900 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000775c11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000775c1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000775c158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000775c1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000775c1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000775c1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000775c1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000775c1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000775c1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000775c2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000775c2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000775c2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775c27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775c27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000775c282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000775c2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000775c2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000775c2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000775c3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000775c323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000775c33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000775c3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000775c3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000775c3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000775c3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000775c4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077611380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077611500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077611530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077611650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077611700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077611d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077611f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776127e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000071e716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000071e71a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000071e71a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000071e71a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExA 00000000768c48db 5 bytes JMP 00000001100027c0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryW 00000000768c48f3 5 bytes JMP 00000001100028a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExW 00000000768c4925 5 bytes JMP 0000000110002830 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4848] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000766f9d0b 5 bytes JMP 0000000110002900 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000775c11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000775c1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000775c158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000775c1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000775c1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000775c1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000775c1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000775c1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000775c1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000775c2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000775c2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000775c2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775c27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775c27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000775c282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000775c2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000775c2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000775c2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000775c3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000775c323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000775c33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000775c3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000775c3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000775c3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000775c3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000775c4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077611380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077611500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077611530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077611650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077611700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077611d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077611f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776127e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000071e716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000071e71a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000071e71a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000071e71a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 00000000768c48db 5 bytes JMP 00000001100027c0 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000768c48f3 5 bytes JMP 00000001100028a0 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 00000000768c4925 5 bytes JMP 0000000110002830 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[4952] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000766f9d0b 5 bytes JMP 0000000110002900 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000775c11f5 8 bytes {JMP 0xd} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000775c1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000775c158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000775c1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000775c1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000775c1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000775c1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000775c1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000775c1fd7 8 bytes {JMP 0xb} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000775c2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000775c2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000775c2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775c27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775c27d2 8 bytes {JMP 0x10} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000775c282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000775c2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000775c2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000775c2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000775c3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000775c323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000775c33c0 16 bytes {JMP 0x4e} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000775c3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000775c3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000775c3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000775c3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000775c4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077611380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077611500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077611530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077611650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077611700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077611d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077611f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776127e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000071e716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000071e71a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000071e71a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000071e71a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExA 00000000768c48db 5 bytes JMP 00000001100027c0 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryW 00000000768c48f3 5 bytes JMP 00000001100028a0 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExW 00000000768c4925 5 bytes JMP 0000000110002830 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000766f9d0b 5 bytes JMP 0000000110002900 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76] .text ... * 2 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000775c11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000775c1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000775c158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000775c1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000775c1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000775c1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000775c1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000775c1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000775c1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000775c2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000775c2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000775c2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775c27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775c27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000775c282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000775c2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000775c2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000775c2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000775c3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000775c323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000775c33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000775c3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000775c3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000775c3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000775c3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000775c4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077611380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077611500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077611530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077611650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077611700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077611d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077611f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776127e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000071e716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000071e71a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000071e71a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000071e71a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76] .text ... * 2 .text C:\Windows\system32\igfxtray.exe[4436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd7300b8 .text C:\Windows\system32\igfxtray.exe[4436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd730038 .text C:\Windows\system32\igfxtray.exe[4436] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe647490 5 bytes JMP 000007fffd730138 .text C:\Windows\system32\hkcmd.exe[2764] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd7300b8 .text C:\Windows\system32\hkcmd.exe[2764] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd730038 .text C:\Windows\system32\hkcmd.exe[2764] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe647490 5 bytes JMP 000007fffd730138 .text C:\Windows\system32\igfxpers.exe[4832] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd7300b8 .text C:\Windows\system32\igfxpers.exe[4832] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd730038 .text C:\Windows\system32\igfxpers.exe[4832] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe647490 5 bytes JMP 000007fffd730138 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2796] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000774b6440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2796] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd7300b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2796] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd730038 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2796] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe647490 5 bytes JMP 000007fffd730138 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2796] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefb13a38c 5 bytes JMP 000007fefd7302b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2796] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefb154b60 5 bytes JMP 000007fefd730238 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2796] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefb154ba0 5 bytes JMP 000007fefd7301b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2796] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007feebdd6944 5 bytes JMP 000007fefd7303b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2796] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007feebdf5a84 5 bytes JMP 000007fefd730338 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[5116] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd7300b8 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[5116] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd730038 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4388] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000774b6440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd7300b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd730038 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4388] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe647490 5 bytes JMP 000007fffd730138 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000775c11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000775c1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000775c158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000775c1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000775c1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000775c1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000775c1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000775c1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000775c1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000775c2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000775c2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000775c2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775c27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775c27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000775c282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000775c2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000775c2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000775c2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000775c3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000775c323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000775c33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000775c3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000775c3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000775c3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000775c3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000775c4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077611380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077611500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077611530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077611650 8 bytes JMP a23f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077611700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077611d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077611f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776127e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000071e716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000071e71a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000071e71a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000071e71a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000775c11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000775c1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000775c158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000775c1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000775c1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000775c1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000775c1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000775c1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000775c1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000775c2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000775c2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000775c2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775c27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775c27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000775c282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000775c2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000775c2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000775c2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000775c3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000775c323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000775c33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000775c3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000775c3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000775c3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000775c3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000775c4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077611380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077611500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077611530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077611650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077611700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077611d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077611f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776127e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000071e716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000071e71a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000071e71a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000071e71a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 00000000768c48db 5 bytes JMP 00000001010c27c0 .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000768c48f3 5 bytes JMP 00000001010c28a0 .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 00000000768c4925 5 bytes JMP 00000001010c2830 .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000766f9d0b 5 bytes JMP 00000001010c2900 .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76] .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[5468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76] .text ... * 2 .text C:\Windows\system32\taskeng.exe[5132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd7300b8 .text C:\Windows\system32\taskeng.exe[5132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd730038 .text C:\Windows\system32\taskeng.exe[5132] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe647490 5 bytes JMP 000007fffd730138 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000775c11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000775c1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000775c158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000775c1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000775c1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000775c1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000775c1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000775c1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000775c1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000775c2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000775c2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000775c2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775c27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775c27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000775c282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000775c2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000775c2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000775c2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000775c3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000775c323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000775c33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000775c3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000775c3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000775c3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000775c3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000775c4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077611380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077611500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077611530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077611650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077611700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077611d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077611f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776127e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000071e716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000071e71a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000071e71a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000071e71a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 00000000768c48db 5 bytes JMP 00000001100027c0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000768c48f3 5 bytes JMP 00000001100028a0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 00000000768c4925 5 bytes JMP 0000000110002830 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000766f9d0b 5 bytes JMP 0000000110002900 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000072efadf9 5 bytes JMP 0000000110003440 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SysWOW64\WINMM.dll!waveOutPause 0000000072f15484 5 bytes JMP 00000001100034e0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5256] C:\Windows\SysWOW64\WINMM.dll!waveOutRestart 0000000072f154b8 5 bytes JMP 0000000110003580 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5804] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000774b6440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd7300b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd730038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5804] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefb13a38c 5 bytes JMP 000007fefd7302b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5804] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefb154b60 5 bytes JMP 000007fefd730238 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[5804] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefb154ba0 5 bytes JMP 000007fefd7301b8 .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000775c11f5 8 bytes {JMP 0xd} .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000775c1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000775c158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000775c1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000775c1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000775c1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000775c1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000775c1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000775c1fd7 8 bytes {JMP 0xb} .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000775c2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000775c2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000775c2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775c27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775c27d2 8 bytes {JMP 0x10} .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000775c282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000775c2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000775c2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000775c2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000775c3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000775c323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000775c33c0 16 bytes {JMP 0x4e} .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000775c3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000775c3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000775c3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000775c3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000775c4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077611380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077611500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077611530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077611650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077611700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077611d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077611f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776127e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000071e716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000071e71a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000071e71a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000071e71a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76] .text C:\Windows\SysWOW64\RunDll32.exe[5560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000775c11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000775c1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000775c158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000775c1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000775c1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000775c1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000775c1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000775c1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000775c1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000775c2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000775c2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000775c2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775c27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775c27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000775c282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000775c2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000775c2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000775c2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000775c3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000775c323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000775c33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000775c3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000775c3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000775c3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000775c3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000775c4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077611380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077611500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077611530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077611650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077611700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077611d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077611f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776127e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000071e716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000071e71a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000071e71a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000071e71a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000775c11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000775c1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000775c158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000775c1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000775c1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000775c1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000775c1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000775c1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000775c1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000775c2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000775c2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000775c2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775c27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775c27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000775c282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000775c2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000775c2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000775c2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000775c3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000775c323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000775c33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000775c3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000775c3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000775c3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000775c3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000775c4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077611380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077611500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077611530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077611650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077611700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077611d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077611f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776127e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000071e716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000071e71a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000071e71a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000071e71a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000775c11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000775c1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000775c158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000775c1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000775c1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000775c1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000775c1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000775c1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000775c1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000775c2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000775c2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000775c2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775c27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775c27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000775c282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000775c2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000775c2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000775c2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000775c3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000775c323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000775c33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000775c3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000775c3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000775c3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000775c3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000775c4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077611380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077611500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077611530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077611650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077611700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077611d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077611f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776127e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000071e716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000071e71a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000071e71a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000071e71a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\system32\wuauclt.exe[6664] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 5 bytes JMP 000007fffd7300b8 .text C:\Windows\system32\wuauclt.exe[6664] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd74bfd0 5 bytes JMP 000007fffd730038 .text C:\Windows\system32\wuauclt.exe[6664] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe647490 5 bytes JMP 000007fffd730138 .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000775c11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000775c1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000775c158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000775c1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000775c1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000775c1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000775c1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000775c1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000775c1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000775c2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000775c2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000775c2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775c27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775c27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000775c282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000775c2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000775c2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000775c2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000775c3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000775c323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000775c33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000775c3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000775c3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000775c3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000775c3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000775c4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077611380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077611500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077611530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077611650 8 bytes JMP a23f3f3f .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077611700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077611d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077611f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776127e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000071e716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000071e71a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000071e71a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000071e71a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000775c11f5 8 bytes {JMP 0xd} .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000775c1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775c143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000775c158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000775c191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000775c1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000775c1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775c1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000775c1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775c1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000775c1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000775c1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000775c1fd7 8 bytes {JMP 0xb} .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000775c2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000775c2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000775c2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775c27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775c27d2 8 bytes {JMP 0x10} .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000775c282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000775c2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000775c2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000775c2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000775c3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000775c323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000775c33c0 16 bytes {JMP 0x4e} .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000775c3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000775c3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000775c3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000775c3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000775c4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077611380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077611500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077611530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077611650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077611700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077611d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077611f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776127e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000071e716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000071e71a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000071e71a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000071e71a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 00000000768c48db 5 bytes JMP 00000001100027c0 .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000768c48f3 5 bytes JMP 00000001100028a0 .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 00000000768c4925 5 bytes JMP 0000000110002830 .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000766f9d0b 5 bytes JMP 0000000110002900 .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76] .text C:\Users\Maniek\Desktop\DIAGNOZA\GMER\utpffnj8.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76] .text ... * 2 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88003737fb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4224] 00000000777f3e85 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4240] 00000000777f2e65 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4536] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4540] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4552] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4568] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4572] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4580] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4584] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4588] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4592] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4596] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4604] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4608] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4612] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4624] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4628] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4636] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4644] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4648] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4660] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4668] 00000000777f3e85 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:3772] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:5544] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:5464] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:2784] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:6400] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:6368] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:4560] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:1792] 00000000729029e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4208:3560] 00000000729029e1 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{080C1C88-D624-4B63-9B4F-21B7DFFB328B}\Connection@Name isatap.{8F657729-E7D9-406E-ADBC-DCCF786E3DFA} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{5BEACB26-DF01-4152-90A6-55557436768E}\Connection@Name isatap.{B409879A-3835-4DFD-82DC-7F694CDB0193} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{5BEACB26-DF01-4152-90A6-55557436768E}?\Device\{080C1C88-D624-4B63-9B4F-21B7DFFB328B}?\Device\{CDE0190B-BA30-442D-83E7-CEAA9911EDAC}?\Device\{91770C71-7763-42DF-A866-919069984E75}?\Device\{81326AE2-1018-4495-88CB-061117AFE6BE}?\Device\{4B18AEC3-63E6-4F8D-99AF-7710626A3D03}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{5BEACB26-DF01-4152-90A6-55557436768E}"?"{080C1C88-D624-4B63-9B4F-21B7DFFB328B}"?"{CDE0190B-BA30-442D-83E7-CEAA9911EDAC}"?"{91770C71-7763-42DF-A866-919069984E75}"?"{81326AE2-1018-4495-88CB-061117AFE6BE}"?"{4B18AEC3-63E6-4F8D-99AF-7710626A3D03}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{5BEACB26-DF01-4152-90A6-55557436768E}?\Device\TCPIP6TUNNEL_{080C1C88-D624-4B63-9B4F-21B7DFFB328B}?\Device\TCPIP6TUNNEL_{CDE0190B-BA30-442D-83E7-CEAA9911EDAC}?\Device\TCPIP6TUNNEL_{91770C71-7763-42DF-A866-919069984E75}?\Device\TCPIP6TUNNEL_{81326AE2-1018-4495-88CB-061117AFE6BE}?\Device\TCPIP6TUNNEL_{4B18AEC3-63E6-4F8D-99AF-7710626A3D03}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9d74ff4 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{080C1C88-D624-4B63-9B4F-21B7DFFB328B}@InterfaceName isatap.{8F657729-E7D9-406E-ADBC-DCCF786E3DFA} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{080C1C88-D624-4B63-9B4F-21B7DFFB328B}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{5BEACB26-DF01-4152-90A6-55557436768E}@InterfaceName isatap.{B409879A-3835-4DFD-82DC-7F694CDB0193} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{5BEACB26-DF01-4152-90A6-55557436768E}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\KLIF\Parameters@LastProcessedRevision 20202161 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 4113 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 808 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9d74ff4 (not active ControlSet) ---- Files - GMER 2.1 ---- File C:\TMP\tmp3237.tmp 0 bytes ---- EOF - GMER 2.1 ----