GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-29 18:44:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 CT250BX100SSD1 rev.MU02 232,89GB
Running: ilclow41.exe; Driver: C:\Users\R\AppData\Local\Temp\axloauog.sys

---- Kernel code sections - GMER 2.2 ----

.text C:\Windows\System32\win32k.sys!XFORMOBJ_iGetFloatObjXform + 82 fffff9600004fd12 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\System32\win32k.sys!XFORMOBJ_iGetFloatObjXform + 498 fffff9600004feb2 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000105500 7 bytes [80, 57, F3, FF, 41, 64, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000105508 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075771401 2 bytes JMP 7671b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075771419 2 bytes JMP 7671b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075771431 2 bytes JMP 767990f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007577144a 2 bytes CALL 766f48ad C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757714dd 2 bytes JMP 767989ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757714f5 2 bytes JMP 76798bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007577150d 2 bytes JMP 767988e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075771525 2 bytes JMP 76798caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007577153d 2 bytes JMP 7670fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075771555 2 bytes JMP 76716937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007577156d 2 bytes JMP 767991a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075771585 2 bytes JMP 76798d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007577159d 2 bytes JMP 767988a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757715b5 2 bytes JMP 7670fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MPC 
Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757715cd 2 bytes JMP 7671b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757716b2 2 bytes JMP 7679906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757716bd 2 bytes JMP 76798839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000766f8791 5 bytes [33, C0, C2, 04, 00] .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075771401 2 bytes JMP 7671b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075771419 2 bytes JMP 7671b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075771431 2 bytes JMP 767990f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007577144a 2 bytes CALL 766f48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757714dd 2 bytes JMP 767989ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757714f5 2 bytes JMP 76798bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007577150d 2 bytes JMP 767988e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075771525 2 bytes JMP 76798caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007577153d 2 bytes JMP 7670fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075771555 2 bytes JMP 76716937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007577156d 2 bytes JMP 767991a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075771585 2 bytes JMP 76798d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007577159d 2 bytes JMP 767988a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757715b5 2 bytes JMP 7670fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757715cd 2 bytes JMP 
7671b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757716b2 2 bytes JMP 7679906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Wifisrv\WifiService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757716bd 2 bytes JMP 76798839 C:\Windows\syswow64\kernel32.dll .text C:\Windows\Explorer.EXE[4520] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076bfdbf0 5 bytes JMP 0000000003930018 .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 2B, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [2B, F8, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 2B, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 2B, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 2B, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 2B, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 2B, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\MPC Cleaner\MPCTray.exe[4544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 0B, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [0B, F5, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 0B, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 0B, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 0B, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 0B, F5, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 0B, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075771401 2 bytes JMP 7671b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075771419 2 bytes JMP 7671b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075771431 2 bytes JMP 767990f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007577144a 2 bytes CALL 766f48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757714dd 2 bytes JMP 767989ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757714f5 2 bytes JMP 76798bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007577150d 2 bytes JMP 767988e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075771525 2 bytes JMP 76798caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007577153d 2 bytes JMP 7670fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075771555 2 bytes JMP 76716937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007577156d 2 bytes JMP 767991a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075771585 2 bytes JMP 76798d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007577159d 2 bytes JMP 767988a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757715b5 2 bytes JMP 7670fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757715cd 2 bytes JMP 7671b324 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757716b2 2 bytes JMP 7679906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757716bd 2 bytes JMP 76798839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006b7511a8 2 bytes [75, 6B] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000006b75127d 2 bytes CALL 766f14c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 000000006b751310 2 bytes CALL 766f14c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006b7513a8 2 bytes [75, 6B] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006b751422 2 bytes [75, 6B] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4928] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006b751498 2 bytes [75, 6B] .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, DB, F7, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [DB, F7, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, DB, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, DB, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, DB, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, DB, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, DB, F7, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe[5056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, FB, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [FB, EC, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, FB, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, FB, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, FB, EC, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, FB, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, FB, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 
00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe[5088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, CB, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [CB, ED, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, CB, ED, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, CB, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, CB, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, CB, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, CB, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe[3272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 9B, EC, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [9B, EC, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 9B, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 9B, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 9B, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 9B, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 9B, EC, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 5B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [5B, F3, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 5B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 5B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 5B, F3, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 5B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 5B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, 
...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, BB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [BB, EA, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, BB, EA, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, BB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, BB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, BB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, BB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files 
(x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4516] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, AB, F3, 7E, 00, 00, 00, ...] 
.text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [AB, F3, 7E, 00, 00, 00, 00] .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, AB, F3, 7E, 00, 00, 00, ...] .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, AB, F3, 7E, 00, 00, 00, ...] .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, AB, F3, 7E, 00, 00, 00, ...] .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, AB, F3, 7E, 00, 00, 00, ...] .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, AB, F3, 7E, 00, 00, 00, ...] 
.text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4580] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 2B, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [2B, F4, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 2B, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 2B, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 2B, F4, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 2B, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 2B, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] 
C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075771401 2 bytes JMP 7671b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075771419 2 bytes JMP 7671b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075771431 2 bytes JMP 767990f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007577144a 2 bytes CALL 766f48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757714dd 2 bytes JMP 767989ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757714f5 2 bytes JMP 76798bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007577150d 2 bytes JMP 767988e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075771525 2 bytes JMP 76798caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007577153d 2 bytes JMP 7670fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075771555 2 bytes JMP 76716937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007577156d 2 bytes JMP 767991a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075771585 2 bytes JMP 76798d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007577159d 2 bytes JMP 767988a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757715b5 2 bytes JMP 7670fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757715cd 2 bytes JMP 7671b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757716b2 2 bytes JMP 7679906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757716bd 2 bytes JMP 76798839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, EB, EB, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes {JMP 0xffffffffffffffed} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, EB, EB, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes {JO 0xffffffffffffffed; JMP 0x82} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, EB, EB, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes {PUSH RAX; JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4440] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 3B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [3B, EE, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 3B, EE, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 3B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 3B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 3B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 3B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 
0000000076e4cb00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, AB, F1, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [AB, F1, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, AB, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, AB, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, AB, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, AB, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, AB, F1, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, AB, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [AB, ED, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, AB, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, AB, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, AB, ED, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, AB, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, AB, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075771401 2 bytes JMP 7671b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075771419 2 bytes JMP 7671b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075771431 2 bytes JMP 767990f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007577144a 2 bytes CALL 766f48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757714dd 2 bytes JMP 767989ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757714f5 2 bytes JMP 76798bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007577150d 2 bytes JMP 767988e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075771525 2 bytes JMP 76798caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007577153d 2 bytes JMP 7670fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075771555 2 bytes JMP 76716937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007577156d 2 bytes JMP 767991a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075771585 2 bytes JMP 76798d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007577159d 2 bytes JMP 767988a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757715b5 2 bytes JMP 7670fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757715cd 2 bytes JMP 7671b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757716b2 2 bytes JMP 7679906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757716bd 2 bytes JMP 76798839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 2B, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [2B, EE, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 2B, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 2B, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 2B, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 2B, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 2B, EE, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075771401 2 bytes JMP 7671b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075771419 2 bytes JMP 7671b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075771431 2 bytes JMP 767990f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007577144a 2 bytes CALL 766f48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757714dd 2 bytes JMP 767989ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757714f5 2 bytes JMP 76798bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007577150d 2 bytes JMP 767988e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075771525 2 bytes JMP 76798caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 
000000007577153d 2 bytes JMP 7670fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075771555 2 bytes JMP 76716937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007577156d 2 bytes JMP 767991a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075771585 2 bytes JMP 76798d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007577159d 2 bytes JMP 767988a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757715b5 2 bytes JMP 7670fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757715cd 2 bytes JMP 7671b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757716b2 2 bytes JMP 7679906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757716bd 2 bytes JMP 76798839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] 
C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 1B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [1B, F2, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 1B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 1B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 1B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 1B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 1B, F2, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe[5420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, AB, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes {STOSD ; JMP 0x2} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, AB, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes {JO 0xffffffffffffffad; JMP 0x3} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, AB, EB, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes {PUSH RAX; STOSD ; JMP 0x3} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes {STOSD ; JMP 0x3} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 5B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [5B, F2, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 5B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 5B, F2, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 5B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 5B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 5B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 0B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [0B, F4, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 0B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 0B, F4, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 0B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 0B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 0B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, EB, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes {JMP 0xfffffffffffffff3} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, EB, F1, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, EB, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, EB, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes {PUSH RAX; JMP 0xfffffffffffffff4} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes {JMP 0xfffffffffffffff4} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] 
C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[7088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, EB, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes {JMP 0xfffffffffffffff6} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, EB, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, EB, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, EB, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes {PUSH RAX; JMP 0xfffffffffffffff7} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes {JMP 0xfffffffffffffff7} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\Adobe\Adobe Creative 
Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[7096] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 0B, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [0B, F1, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 0B, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 0B, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 0B, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 0B, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 0B, F1, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075771401 2 bytes JMP 7671b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075771419 2 bytes JMP 7671b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075771431 2 bytes JMP 767990f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007577144a 2 bytes CALL 766f48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757714dd 2 bytes JMP 767989ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757714f5 2 bytes JMP 76798bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007577150d 2 bytes JMP 767988e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075771525 2 bytes JMP 76798caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007577153d 2 bytes JMP 7670fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075771555 2 bytes JMP 76716937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007577156d 2 bytes JMP 767991a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075771585 2 bytes JMP 76798d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007577159d 2 bytes JMP 767988a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative 
Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757715b5 2 bytes JMP 7670fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757715cd 2 bytes JMP 7671b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757716b2 2 bytes JMP 7679906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[7116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757716bd 2 bytes JMP 76798839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, DB, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [DB, F7, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, DB, F7, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, DB, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, DB, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, DB, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, DB, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075771401 2 bytes JMP 7671b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075771419 2 bytes JMP 7671b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075771431 2 bytes JMP 767990f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007577144a 2 bytes CALL 766f48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757714dd 2 bytes JMP 767989ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757714f5 2 bytes JMP 76798bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007577150d 2 bytes JMP 767988e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075771525 2 bytes JMP 76798caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 
000000007577153d 2 bytes JMP 7670fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075771555 2 bytes JMP 76716937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007577156d 2 bytes JMP 767991a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075771585 2 bytes JMP 76798d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007577159d 2 bytes JMP 767988a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757715b5 2 bytes JMP 7670fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757715cd 2 bytes JMP 7671b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757716b2 2 bytes JMP 7679906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[7508] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757716bd 2 bytes JMP 76798839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 
0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 4B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [4B, F2, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 4B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 4B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 4B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 4B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 4B, F2, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 6B, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [6B, F6, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 6B, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 6B, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 6B, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 6B, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 6B, F6, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[5344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 4B, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes {JMP 0x105} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 4B, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes {JO 0x4d; JMP 0x106} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 4B, E9, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes {PUSH RAX; JMP 0x106} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes {JMP 0x106} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[7152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 4B, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [4B, F1, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 4B, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 4B, F1, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 4B, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 4B, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 4B, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 0B, F7, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [0B, F7, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 0B, F7, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 0B, F7, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 0B, F7, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 0B, F7, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 0B, F7, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[6068] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 6B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [6B, EE, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 6B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 6B, EE, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 6B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 6B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 6B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe[4856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e01434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e017be 8 bytes [A0, 1B, ED, 7E, 00, 00, 00, ...] .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 645 0000000076e019c5 7 bytes [1B, ED, 7E, 00, 00, 00, 00] .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e01aa4 8 bytes [80, 1B, ED, 7E, 00, 00, 00, ...] 
.text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e01c25 8 bytes [70, 1B, ED, 7E, 00, 00, 00, ...] .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e01d8f 8 bytes [60, 1B, ED, 7E, 00, 00, 00, ...] .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e01e75 8 bytes [50, 1B, ED, 7E, 00, 00, 00, ...] .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 600 0000000076e020e8 8 bytes [40, 1B, ED, 7E, 00, 00, 00, ...] .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076e4bf00 8 bytes {JMP QWORD [RIP-0x4a2e1]} .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076e4c080 8 bytes {JMP QWORD [RIP-0x4a2f7]} .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076e4c0b0 8 bytes {JMP QWORD [RIP-0x4a8f8]} .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e4c1d0 8 bytes {JMP QWORD [RIP-0x4a732]} .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e4c280 8 bytes {JMP QWORD [RIP-0x4a8c2]} .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e4c8b0 8 bytes {JMP QWORD [RIP-0x4a5f2]} .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076e4cb00 8 bytes {JMP QWORD [RIP-0x4aa1e]} .text 
C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e4d360 8 bytes {JMP QWORD [RIP-0x4b4f1]} .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007351146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\R\AppData\Local\Temp\scoped_dir5868_22273\ilclow41.exe[7496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073511a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff880034cfad8] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\AUDIODG.EXE[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\AUDIODG.EXE[ntdll.dll!NtAlpcSendWaitReceivePort] [76fb0000] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [76fb0000] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\GDI32.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\ole32.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [76fb0000] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\CRYPTBASE.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\RpcRtRemote.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\ntmarta.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\CRYPTSP.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ 
C:\Windows\system32\rsaenh.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\System32\audioses.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [76fb0000] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\System32\AVRT.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\System32\AVRT.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [76fb0000] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\SETUPAPI.dll[ntdll.dll!NtClose] [76fb0010] IAT C:\Windows\system32\AUDIODG.EXE[552] @ C:\Windows\system32\CRYPT32.dll[ntdll.dll!NtClose] [76fb0010] ---- Files - GMER 2.2 ---- File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Dwie.Twierdze\01.mp3 3596582 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Dwie.Twierdze\02.mp3 19457870 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Dwie.Twierdze\03.mp3 10637965 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Dwie.Twierdze\04.mp3 5995918 bytes File 
C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Dwie.Twierdze\05.mp3 10626695 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Dwie.Twierdze\06.mp3 28957855 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Dwie.Twierdze\07.mp3 18481921 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Dwie.Twierdze\08.mp3 19002740 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Dwie.Twierdze\09.mp3 5509944 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Dwie.Twierdze\10.mp3 3755117 bytes File 
C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-General\01.mp3 27121868 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-General\02.mp3 18316613 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-General\03.mp3 28585416 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-General\04.mp3 16245934 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-General\05.mp3 22758501 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-General\06.mp3 11390717 bytes File 
C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-General\07.mp3 23575944 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Gniew\01.mp3 97596759 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Gniew\02.mp3 18238245 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Gniew\03.mp3 43346416 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Korzenie.wojny\01.mp3 25870694 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Korzenie.wojny\02.mp3 28641397 bytes File 
C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Korzenie.wojny\03.mp3 33459262 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Korzenie.wojny\04.mp3 16641340 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Korzenie.wojny\05.mp3 41804363 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Odrodzenie\01.mp3 19308836 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Odrodzenie\02.mp3 12093848 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Odrodzenie\03.mp3 12704903 bytes File 
C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Odrodzenie\04.mp3 24339197 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Odrodzenie\05.mp3 64821573 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Szabla.polska\01.mp3 6932420 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Szabla.polska\02.mp3 37126231 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Szabla.polska\03.mp3 95134320 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Szpieg\01.mp3 25012527 bytes File 
C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Szpieg\02.mp3 17128846 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Szpieg\03.mp3 20671265 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Szpieg\04.mp3 31145392 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Szpieg\05.mp3 31031284 bytes File C:\Users\R\Downloads\Boguslaw.woloszanski.-.zolnierze.honoru._sluchowisko.pl_._up.by.equalizer_\Boguslaw.Woloszanski.-.Zolnierze.honoru.(Sluchowisko.PL).(up.by.Equalizer)\Boguslaw.Woloszanski.-.Zolnierze.honoru\Boguslaw.Woloszan´ski.-.Z˙olnierze.honoru\Woloszanski.Boguslaw-Zolnierze.Honoru-Szpieg\06.mp3 21162123 bytes ---- EOF - GMER 2.2 ----