GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-06-14 20:32:03 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: gmer.exe; Driver: C:\Users\cfirek\AppData\Local\Temp\kwrdapog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!EngCreateDeviceSurface + 76 fffff960000a7710 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Windows\System32\win32k.sys!XFORMOBJ_iGetFloatObjXform + 80 fffff960000afc40 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Windows\System32\win32k.sys!XFORMOBJ_iGetFloatObjXform + 496 fffff960000afde0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000164d00 7 bytes [00, 89, F3, FF, C1, 98, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000164d08 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000772a1401 2 bytes JMP 7713b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000772a1419 2 bytes JMP 7713b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000772a1431 2 bytes JMP 771b8f29 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000772a144a 2 bytes CALL 7711489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000772a14dd 2 bytes JMP 771b8822 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000772a14f5 2 bytes JMP 771b89f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000772a150d 2 bytes JMP 771b8718 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000772a1525 2 bytes JMP 771b8ae2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000772a153d 2 bytes JMP 7712fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000772a1555 2 bytes JMP 771368ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000772a156d 2 bytes JMP 771b8fe3 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000772a1585 2 bytes JMP 771b8b42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000772a159d 2 bytes JMP 771b86dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000772a15b5 2 bytes JMP 7712fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000772a15cd 2 bytes JMP 7713b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000772a16b2 2 bytes JMP 771b8ea4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000772a16bd 2 bytes JMP 771b8671 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000772a1401 2 bytes JMP 7713b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000772a1419 2 bytes JMP 7713b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000772a1431 2 bytes JMP 771b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000772a144a 2 bytes CALL 7711489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772a14dd 2 bytes JMP 771b8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772a14f5 2 bytes JMP 771b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000772a150d 2 bytes JMP 771b8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000772a1525 2 bytes JMP 771b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000772a153d 2 bytes JMP 7712fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000772a1555 2 bytes JMP 771368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000772a156d 2 bytes JMP 771b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000772a1585 2 bytes JMP 771b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000772a159d 2 bytes JMP 771b86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772a15b5 2 bytes JMP 7712fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772a15cd 2 bytes JMP 7713b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772a16b2 2 bytes JMP 771b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772a16bd 2 bytes JMP 771b8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000772a1401 2 bytes JMP 7713b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000772a1419 2 bytes JMP 7713b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000772a1431 2 bytes JMP 771b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000772a144a 2 bytes CALL 7711489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772a14dd 2 bytes JMP 771b8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772a14f5 2 bytes JMP 771b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000772a150d 2 bytes JMP 771b8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000772a1525 2 bytes JMP 771b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000772a153d 2 bytes JMP 7712fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000772a1555 2 bytes JMP 771368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000772a156d 2 bytes JMP 771b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000772a1585 2 bytes JMP 771b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000772a159d 2 bytes JMP 771b86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772a15b5 2 bytes JMP 7712fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772a15cd 2 bytes JMP 7713b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772a16b2 2 bytes JMP 771b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\XTab\ProtectService.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772a16bd 2 bytes JMP 771b8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077931544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077931ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077931d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077931e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077931f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077932238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077932683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779326c2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007793271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077932788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077932b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077932b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007793306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000779331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007793388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077933f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077934001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077934075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000779341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000779341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077934461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007793464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077934713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077934807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077934926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077934a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077934aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077934ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077934ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077934fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077935193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077935f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077936016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007793610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000779362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007793633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077936354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000779363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077936b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007797dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007797de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007797de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007797df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007797e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007797e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007797e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007797f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007405146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074051a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000772a1401 2 bytes JMP 7713b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000772a1419 2 bytes JMP 7713b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000772a1431 2 bytes JMP 771b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000772a144a 2 bytes CALL 7711489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772a14dd 2 bytes JMP 771b8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772a14f5 2 bytes JMP 771b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000772a150d 2 bytes JMP 771b8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000772a1525 2 bytes JMP 771b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000772a153d 2 bytes JMP 7712fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000772a1555 2 bytes JMP 771368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000772a156d 2 bytes JMP 771b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000772a1585 2 bytes JMP 771b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000772a159d 2 bytes JMP 771b86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772a15b5 2 bytes JMP 7712fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772a15cd 2 bytes JMP 7713b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772a16b2 2 bytes JMP 771b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772a16bd 2 bytes JMP 771b8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077931544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077931ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077931d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077931e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077931f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077932238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077932683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779326c2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007793271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077932788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077932b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077932b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007793306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000779331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007793388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077933f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077934001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077934075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000779341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000779341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077934461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007793464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077934713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077934807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077934926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077934a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077934aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077934ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077934ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077934fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077935193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077935f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077936016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007793610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000779362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007793633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077936354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000779363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077936b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007797dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007797de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007797de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007797df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007797e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007797e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007797e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007797f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007405146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[4444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074051a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077931544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077931ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077931d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077931e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077931f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077932238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077932683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779326c2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007793271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077932788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077932b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077932b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007793306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000779331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007793388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077933f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077934001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077934075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000779341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000779341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077934461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007793464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077934713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077934807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077934926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077934a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077934aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077934ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077934ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077934fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077935193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077935f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077936016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007793610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000779362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007793633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077936354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000779363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077936b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007797dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007797de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007797de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007797df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007797e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007797e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007797e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007797f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007405146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074051a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077931544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077931ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077931d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077931e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077931f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077932238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077932683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779326c2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007793271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077932788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077932b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077932b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007793306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000779331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007793388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077933f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077934001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077934075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000779341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000779341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077934461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007793464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077934713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077934807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077934926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077934a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077934aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077934ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077934ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077934fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077935193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077935f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077936016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007793610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000779362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007793633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077936354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000779363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077936b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007797dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007797de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007797de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007797df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007797e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007797e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007797e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007797f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007405146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074051a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077931544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077931ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077931d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077931e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077931f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077932238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077932683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779326c2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007793271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077932788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077932b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077932b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007793306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000779331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007793388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077933f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077934001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077934075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000779341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000779341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077934461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007793464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077934713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077934807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077934926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077934a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077934aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077934ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077934ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077934fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077935193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077935f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077936016 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007793610e 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000779362fc 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007793633d 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077936354 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000779363ac 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077936b76 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007797dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007797de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007797de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007797df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007797e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007797e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007797e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007797f0e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007405146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[2692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074051a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077931544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077931ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077931d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077931e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077931f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077932238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077932683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779326c2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007793271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077932788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077932b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077932b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007793306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000779331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007793388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077933f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077934001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077934075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000779341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000779341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077934461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007793464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077934713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077934807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077934926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077934a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077934aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077934ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077934ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077934fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077935193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077935f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077936016 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007793610e 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000779362fc 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007793633d 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077936354 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000779363ac 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077936b76 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007797dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007797de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007797de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007797df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007797e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007797e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007797e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007797f0e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007405146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074051a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077931544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077931ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077931d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077931e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077931f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077932238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077932683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779326c2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007793271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077932788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077932b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077932b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007793306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000779331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007793388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077933f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077934001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077934075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000779341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000779341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077934461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007793464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077934713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077934807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077934926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077934a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077934aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077934ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077934ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077934fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077935193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077935f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077936016 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007793610e 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000779362fc 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007793633d 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077936354 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000779363ac 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077936b76 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007797dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007797de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007797de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007797df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007797e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007797e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007797e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007797f0e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007405146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074051a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077931544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077931ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077931d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077931e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077931f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077932238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077932683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779326c2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007793271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077932788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077932b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077932b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007793306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000779331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007793388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077933f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077934001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077934075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000779341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000779341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077934461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007793464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077934713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077934807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077934926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077934a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077934aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077934ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077934ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077934fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077935193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077935f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077936016 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007793610e 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000779362fc 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007793633d 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077936354 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000779363ac 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077936b76 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007797dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007797de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007797de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007797df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007797e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007797e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007797e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007797f0e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007405146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074051a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077931544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077931ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077931d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077931e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077931f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077932238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077932683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779326c2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007793271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077932788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077932b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077932b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007793306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000779331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007793388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077933f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077934001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077934075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000779341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000779341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077934461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007793464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077934713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077934807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077934926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077934a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077934aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077934ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077934ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077934fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077935193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077935f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077936016 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007793610e 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000779362fc 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007793633d 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077936354 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000779363ac 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077936b76 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007797dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007797de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007797de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007797df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007797e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007797e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007797e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007797f0e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007405146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074051a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077931544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077931ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077931d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077931e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077931f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077932238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077932683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779326c2 8 bytes {JMP 0x10} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007793271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077932788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077932b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077932b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007793306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000779331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007793388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077933f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077934001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077934075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000779341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000779341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077934461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007793464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077934713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077934807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077934926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077934a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077934aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077934ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077934ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077934fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077935193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077935f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077936016 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007793610e 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000779362fc 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007793633d 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077936354 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000779363ac 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077936b76 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007797dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007797de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007797de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007797df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007797e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007797e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007797e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007797f0e0 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007405146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[2952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074051a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077931544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077931ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077931d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077931e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077931f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077932238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077932683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779326c2 8 bytes {JMP 0x10} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007793271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077932788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077932b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077932b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007793306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000779331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007793388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077933f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077934001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077934075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000779341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000779341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077934461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007793464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077934713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077934807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077934926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077934a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077934aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077934ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077934ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077934fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077935193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077935f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077936016 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007793610e 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000779362fc 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007793633d 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077936354 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000779363ac 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077936b76 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007797dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007797de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007797de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007797df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007797e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007797e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007797e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007797f0e0 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007405146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe[1028] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074051a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077931544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077931ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077931d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077931e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077931f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077932238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077932683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779326c2 8 bytes {JMP 0x10} .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007793271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077932788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077932b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077932b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007793306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000779331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007793388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077933f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077934001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077934075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000779341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000779341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077934461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007793464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077934713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077934807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077934926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077934a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077934aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077934ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077934ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077934fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077935193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077935f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077936016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007793610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000779362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007793633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077936354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000779363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077936b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007797dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007797de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007797de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007797df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007797e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007797e630 8 bytes {JMP QWORD [RIP-0x47102]} .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007797e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007797f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]} .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007405146b 8 bytes {JMP 0xffffffffffffffb0} .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\download\gmer\gmer.exe[3880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074051a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88004731ec0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [3656:2604] 000007feeffe9688 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1604] (GG drive overlay/GG Network S.A.)(2015-03-31 19:44:40) 000000005c080000 Library C:\Users\cfirek\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1604] (GG drive menu/GG Network S.A.)(2 000000005ff80000 Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Program Files\NetLimiter 3\NLClientApp.exe [1152] (GG drive overlay/GG Network S.A.)(2015-03-31 19:44:40) 000000005c080000 Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Program Files\totalcmd\TOTALCMD64.EXE [2640] (GG drive overlay/GG Network S.A.)(2015-03-31 19:44:40) 000000005c080000 Library C:\Users\cfirek\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Program Files\totalcmd\TOTALCMD64.EXE [2640] (GG drive menu/GG Network S.A.)(2015-03-26 03:46:34) 000000005ff80000 ---- EOF - GMER 2.1 ----