GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-06-01 10:52:51 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Crucial_ rev.MU02 238,47GB Running: cm3q4qwb.exe; Driver: C:\Users\Maniek\AppData\Local\Temp\afriipob.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 76e8b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 76e8b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 76f090f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 76e648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 76f089ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 76f08bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 76f088e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 76f08caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 76e7fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b31555 2 bytes JMP 76e86937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 76f091a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b31585 2 bytes JMP 76f08d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 76f088a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b315b5 2 bytes JMP 76e7fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b315cd 2 bytes JMP 76e8b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 76f0906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 76f08839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 76e8b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 76e8b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 76f090f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 76e648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 76f089ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 76f08bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 76f088e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 76f08caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 76e7fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b31555 2 bytes JMP 76e86937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 76f091a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b31585 2 bytes JMP 76f08d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 76f088a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b315b5 2 bytes JMP 76e7fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b315cd 2 bytes JMP 76e8b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 76f0906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 76f08839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 76e8b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 76e8b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 76f090f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 76e648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 76f089ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 76f08bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 76f088e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 76f08caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 76e7fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075b31555 2 bytes JMP 76e86937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 76f091a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075b31585 2 bytes JMP 76f08d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 76f088a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075b315b5 2 bytes JMP 76e7fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075b315cd 2 bytes JMP 76e8b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 76f0906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3408] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 76f08839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077e9fab8 5 bytes JMP 0000000071932e30 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077ea0048 5 bytes JMP 0000000071932df0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, 0B, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes [0B, F4, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, 0B, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes [70, 0B, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, 0B, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes [50, 0B, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes [40, 0B, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes [30, 0B, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, 2B, EB, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes [2B, EB, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, 2B, EB, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes {JO 0x2d; JMP 0x82} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, 2B, EB, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes [50, 2B, EB, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes [40, 2B, EB, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes {XOR [RBX], CH; JMP 0x82} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, 8B, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes [8B, EA, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, 8B, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes [70, 8B, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, 8B, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes [50, 8B, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes [40, 8B, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes [30, 8B, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeb86d10 5 bytes JMP 000007fefb1a0060 .text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\dwmapi.dll!DwmExtendFrameIntoClientArea 000007fefb1b3430 5 bytes JMP 000007fefb1a0010 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, 9B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes [9B, F0, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, 9B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes [70, 9B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, 9B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes [50, 9B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes [40, 9B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes [30, 9B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, FB, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes [FB, F0, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, FB, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes [70, FB, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, FB, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes [50, FB, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes [40, FB, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes [30, FB, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\LockKey\LockKey.exe[5148] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, 0B, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes [0B, F6, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, 0B, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes [70, 0B, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, 0B, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes [50, 0B, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes [40, 0B, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes [30, 0B, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5228] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, EB, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes {JMP 0xfffffffffffffff3} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, EB, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes [70, EB, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, EB, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes {PUSH RAX; JMP 0xfffffffffffffff4} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes {JMP 0xfffffffffffffff4} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes [30, EB, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, 6B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes [6B, ED, 7E, 00, 00, 00, 00] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, 6B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes [70, 6B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, 6B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes [50, 6B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes [40, 6B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes [30, 6B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 76e8b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 76e8b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 76f090f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 76e648ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 76f089ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 76f08bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 76f088e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 76f08caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 76e7fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b31555 2 bytes JMP 76e86937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 76f091a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b31585 2 bytes JMP 76f08d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 76f088a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b315b5 2 bytes JMP 76e7fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b315cd 2 bytes JMP 76e8b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 76f0906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 76f08839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, AB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes [AB, F5, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, AB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes [70, AB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, AB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes [50, AB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes [40, AB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes [30, AB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 76e8b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 76e8b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 76f090f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 76e648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 76f089ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 76f08bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 76f088e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 76f08caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 76e7fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b31555 2 bytes JMP 76e86937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 76f091a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b31585 2 bytes JMP 76f08d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 76f088a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b315b5 2 bytes JMP 76e7fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b315cd 2 bytes JMP 76e8b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 76f0906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clover\clover.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 76f08839 C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [5516] entry point in ".rdata" section 000000005fea71e6 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, DB, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes [DB, F3, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, DB, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes [70, DB, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, DB, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes [50, DB, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes [40, DB, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes [30, DB, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe[5748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes [7B, ED, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes [70, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes [50, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes [40, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes [30, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5788] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, 4B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes {JMP 0x2} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, 4B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes {JO 0x4d; JMP 0x3} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, 4B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes {PUSH RAX; JMP 0x3} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes [30, 4B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, 5B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes [5B, F4, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, 5B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes [70, 5B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, 5B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes [50, 5B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes [40, 5B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes [30, 5B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4156] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, 1B, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes [1B, E9, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, 1B, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes {JO 0x1d; JMP 0x106} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, 1B, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes [50, 1B, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes [40, 1B, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes {XOR [RBX], BL; JMP 0x106} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, 9B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes {WAIT ; JMP 0x2} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, 9B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes {JO 0xffffffffffffff9d; JMP 0x3} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, 9B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes {PUSH RAX; WAIT ; JMP 0x3} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes {WAIT ; JMP 0x3} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes [30, 9B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077ca1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077ca12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077ca1434 8 bytes [A0, 8B, F6, 7E, 00, 00, 00, ...] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000077ca17bf 7 bytes [8B, F6, 7E, 00, 00, 00, 00] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077ca19c4 8 bytes [80, 8B, F6, 7E, 00, 00, 00, ...] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077ca1aa4 8 bytes [70, 8B, F6, 7E, 00, 00, 00, ...] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077ca1c25 8 bytes [60, 8B, F6, 7E, 00, 00, 00, ...] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077ca1d8f 8 bytes [50, 8B, F6, 7E, 00, 00, 00, ...] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077ca1e75 8 bytes [40, 8B, F6, 7E, 00, 00, 00, ...] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077ca20d8 8 bytes [30, 8B, F6, 7E, 00, 00, 00, ...] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cebc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cebd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cebdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cebed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cebf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cec5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cec800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ced060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007500146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Maniek\Desktop\fixit\cm3q4qwb.exe[6840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075001a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800393aef8] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Threads - GMER 2.2 ---- Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:3400] 0000000077ed7ad8 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:3416] 0000000077ed1697 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:3208] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:3164] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:3192] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:2876] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:3264] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:3276] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:3284] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:3280] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:816] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:2356] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4124] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4128] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4148] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4176] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4180] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4184] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4188] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4192] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4196] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4200] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4248] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4252] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4256] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4300] 0000000077ed7ad8 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4304] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4308] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4312] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4316] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4320] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4332] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4340] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4684] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4688] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4692] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4852] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4856] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4860] 00000000721c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3384:4864] 00000000721c29e1 Thread C:\Windows\System32\svchost.exe [784:4100] 000007fef3679688 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2704:4172] 000007fefaa52af4 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2704:2552] 000007fef39a8f70 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2704:2992] 000007fef60e5124 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9d74ff4 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{C58DBF24-2981-4DCE-877E-3B437800D88C}@InterfaceName isatap.{B409879A-3835-4DFD-82DC-7F694CDB0193} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{C58DBF24-2981-4DCE-877E-3B437800D88C}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9d74ff4 (not active ControlSet) ---- EOF - GMER 2.2 ----