GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-16 16:44:39 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 931,51GB Running: 6e8rhv01.exe; Driver: C:\Users\Optimus\AppData\Local\Temp\fftiipoc.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!XLATEOBJ_iXlate + 658 fffff9600012b826 6 bytes {JMP QWORD [RIP+0x12d7bc]} .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000174200 7 bytes [40, A3, F3, FF, 01, B5, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000174208 3 bytes [C0, 06, 02] .text ... * 107 .text C:\Windows\System32\win32k.sys!CLIPOBJ_cEnumStart + 756 fffff9600022c918 8 bytes [58, D0, EC, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngAcquireSemaphoreNoWait + 76 fffff9600022cfb8 8 bytes [14, D1, EC, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngIsSemaphoreSharedByCurrentThread + 24 fffff9600022d098 8 bytes [80, D4, EC, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngDeleteSafeSemaphore + 52 fffff9600022d168 8 bytes [EC, E1, EC, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngQueryW32kCddInterface + 778 fffff960002334c6 6 bytes {JMP QWORD [RIP+0x4184c]} .text C:\Windows\System32\win32k.sys!EngCreateDeviceBitmap + 52 fffff96000235028 8 bytes [E4, D4, EC, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngModifySurface + 972 fffff96000235488 8 bytes [A4, DA, EC, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngCTGetCurrentGamma + 40 fffff96000239958 8 bytes [E0, D1, EC, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngCreateRectRgn + 48 fffff9600023db88 8 bytes [C0, D9, EC, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngGetFileChangeTime + 305 fffff9600023e489 7 bytes [DB, EC, 04, 80, F8, FF, FF] .text C:\Windows\System32\win32k.sys!EngGetCurrentCodePage + 16 fffff9600023e7e8 8 bytes [C4, CE, EC, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngQueryPalette + 192 fffff96000258658 8 bytes [D8, D7, EC, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngCreatePath + 156 fffff96000258fe8 8 bytes [F0, D8, EC, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngFntCacheFault + 520 fffff9600026dcd8 8 bytes [64, DF, EC, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngGetDriverName + 16 fffff9600026f828 8 bytes [C8, CD, EC, 04, 80, F8, FF, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077261465 2 bytes [26, 77] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772614bb 2 bytes [26, 77] .text ... * 2 .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077261465 2 bytes [26, 77] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772614bb 2 bytes [26, 77] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5848] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6964] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077261465 2 bytes [26, 77] .text C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe[2784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772614bb 2 bytes [26, 77] .text ... * 2 .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077261465 2 bytes [26, 77] .text C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772614bb 2 bytes [26, 77] .text ... * 2 .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000777711f5 8 bytes {JMP 0xd} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077771390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007777143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007777158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007777191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077771b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077771bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077771d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077771eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077771edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077771f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077771fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077771fd7 8 bytes {JMP 0xb} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077772272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077772301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077772792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000777727d2 8 bytes {JMP 0x10} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007777282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077772890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077772d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077772d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077773023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007777323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000777733c0 16 bytes {JMP 0x4e} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077773a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077773ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077773b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077773d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077774190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777c1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000777c1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777c1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777c1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777c1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777c1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000777c1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777c27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000738213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007382146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000738216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000738216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000738219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000738219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073821a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073821a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073821a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073821a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 1 000000007796fc81 3 bytes [BC, 3A, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007796fc85 2 bytes {JMP RAX} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 1 000000007796fe15 3 bytes [65, 39, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 5 000000007796fe19 2 bytes {JMP RAX} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread + 1 000000007796ff25 3 bytes [F8, 39, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread + 5 000000007796ff29 2 bytes {JMP RAX} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 1 000000007796ffa5 3 bytes [ED, 3A, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 000000007796ffa9 2 bytes {JMP RAX} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 1 0000000077970005 3 bytes [96, 39, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 5 0000000077970009 2 bytes {JMP RAX} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 1 00000000779708a5 3 bytes [C7, 39, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 5 00000000779708a9 2 bytes {JMP RAX} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 1 0000000077970ed9 3 bytes [1E, 3B, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 5 0000000077970edd 2 bytes {JMP RAX} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx + 1 00000000779715d5 3 bytes [29, 3A, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx + 5 00000000779715d9 2 bytes {JMP RAX} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 1 0000000077971921 3 bytes [5A, 3A, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 5 0000000077971925 2 bytes {JMP RAX} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 1 0000000077971be5 3 bytes [80, 3B, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 5 0000000077971be9 2 bytes {JMP RAX} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemTime + 1 0000000077971c15 3 bytes [4F, 3B, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemTime + 5 0000000077971c19 2 bytes {JMP RAX} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\syswow64\USER32.dll!GetPropW + 126 00000000772872a5 3 bytes [13, 3C, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\syswow64\USER32.dll!GetPropW + 130 00000000772872a9 2 bytes {JMP RAX} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\syswow64\USER32.dll!RegisterClassW + 379 0000000077288be0 3 bytes [44, 3C, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\syswow64\USER32.dll!RegisterClassW + 383 0000000077288be4 2 bytes {JMP RAX} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\syswow64\USER32.dll!TranslateAcceleratorW + 64 0000000077291286 3 bytes [E2, 3B, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\syswow64\USER32.dll!TranslateAcceleratorW + 68 000000007729128a 2 bytes {JMP RAX} .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\syswow64\USER32.dll!SendInput + 1 00000000772aff4b 3 bytes [75, 3C, 19] .text C:\Users\Optimus\Desktop\6e8rhv01.exe[6300] C:\Windows\syswow64\USER32.dll!SendInput + 5 00000000772aff4f 2 bytes {JMP RAX} ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88004f30fb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????????r?????????????????????F??????i??????wpdfs.inf???????el???????????????????????????????????????????????????????E??UT???????????????????????????g???i???e???????????,????????d???????R??????????????????????????S??v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|App=%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31024|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Battle.net\Battle.net.exe|Name=Battle.net|???&??????????????????????????????s.??f????????????c???h??????????????????????oem74.inf:IntelAudio.NTAMD64:INTAUD_WEX:2.1.31.0:{4d36e96c-e325-11ce-bfc1-08002be10318}\*intaudwaveex???{00000000-0000-0000-0000-000000000000}??????{aa3519af-4e80-5ad3-963e-a29d7152e504}?000????????????*??????f?????????ns???????????????????????????????????????????s???.NT?????? ??????????????????{eec5ad98-8080-425f-922a-dabf3de3f69a}?I.d????????????b???????? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43205c7d Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43205c7d (not active ControlSet) ---- Files - GMER 2.1 ---- File C:\Users\Optimus\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\E769.tmp 0 bytes File C:\Users\Optimus\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\E76A.tmp 0 bytes File C:\Users\Optimus\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\7228.tmp 0 bytes File C:\Users\Optimus\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\7239.tmp 0 bytes ---- EOF - GMER 2.1 ----