GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-01-04 00:18:55 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000079 Samsung_ rev.EXM0 238,47GB Running: dy8j249l.exe; Driver: C:\Users\Kabuto\AppData\Local\Temp\fxtdypow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076631401 2 bytes JMP 76b7b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076631419 2 bytes JMP 76b7b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076631431 2 bytes JMP 76bf9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007663144a 2 bytes CALL 76b54885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766314dd 2 bytes JMP 76bf8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766314f5 2 bytes JMP 76bf8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007663150d 2 bytes JMP 76bf8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076631525 2 bytes JMP 76bf8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007663153d 2 bytes JMP 76b6fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076631555 2 bytes JMP 76b76907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007663156d 2 bytes JMP 76bf9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076631585 2 bytes JMP 76bf8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007663159d 2 bytes JMP 76bf88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766315b5 2 bytes JMP 76b6fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766315cd 2 bytes JMP 76b7b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766316b2 2 bytes JMP 76bf90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766316bd 2 bytes JMP 76bf8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, FE, EA, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, FE, EA, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, FE, EA, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, FE, EA, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, FE, EA, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, FE, EA, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, FD, EA, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1500] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, CE, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, CE, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, CE, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, CE, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, CE, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, CE, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, CD, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 7E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 7E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 7E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 7E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 7E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 7E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 7D, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, CE, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, CE, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, CE, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, CE, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, CE, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, CE, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, CD, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076631401 2 bytes JMP 76b7b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076631419 2 bytes JMP 76b7b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076631431 2 bytes JMP 76bf9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007663144a 2 bytes CALL 76b54885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766314dd 2 bytes JMP 76bf8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766314f5 2 bytes JMP 76bf8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007663150d 2 bytes JMP 76bf8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076631525 2 bytes JMP 76bf8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007663153d 2 bytes JMP 76b6fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076631555 2 bytes JMP 76b76907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007663156d 2 bytes JMP 76bf9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076631585 2 bytes JMP 76bf8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007663159d 2 bytes JMP 76bf88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766315b5 2 bytes JMP 76b6fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766315cd 2 bytes JMP 76b7b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766316b2 2 bytes JMP 76bf90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766316bd 2 bytes JMP 76bf8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 5E, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 5E, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 5E, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 5E, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 5E, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 5E, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 5D, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 1E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 1E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 1E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 1E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 1E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 1E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 1D, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 9E, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 9E, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 9E, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 9E, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 9E, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 9E, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 9D, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[5012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 1E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 1E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 1E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 1E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 1E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 1E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 1D, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5044] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 6E, EF, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 6E, EF, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 6E, EF, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 6E, EF, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 6E, EF, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 6E, EF, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 6D, EF, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076631401 2 bytes JMP 76b7b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076631419 2 bytes JMP 76b7b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076631431 2 bytes JMP 76bf9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007663144a 2 bytes CALL 76b54885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766314dd 2 bytes JMP 76bf8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766314f5 2 bytes JMP 76bf8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007663150d 2 bytes JMP 76bf8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076631525 2 bytes JMP 76bf8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007663153d 2 bytes JMP 76b6fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076631555 2 bytes JMP 76b76907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007663156d 2 bytes JMP 76bf9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076631585 2 bytes JMP 76bf8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007663159d 2 bytes JMP 76bf88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766315b5 2 bytes JMP 76b6fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766315cd 2 bytes JMP 76b7b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766316b2 2 bytes JMP 76bf90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766316bd 2 bytes JMP 76bf8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 0E, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 0E, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 0E, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 0E, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 0E, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 0E, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 0D, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 4E, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 4E, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 4E, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 4E, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 4E, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 4E, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 4D, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076631401 2 bytes JMP 76b7b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076631419 2 bytes JMP 76b7b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076631431 2 bytes JMP 76bf9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007663144a 2 bytes CALL 76b54885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766314dd 2 bytes JMP 76bf8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766314f5 2 bytes JMP 76bf8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007663150d 2 bytes JMP 76bf8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076631525 2 bytes JMP 76bf8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007663153d 2 bytes JMP 76b6fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076631555 2 bytes JMP 76b76907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007663156d 2 bytes JMP 76bf9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076631585 2 bytes JMP 76bf8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007663159d 2 bytes JMP 76bf88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766315b5 2 bytes JMP 76b6fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766315cd 2 bytes JMP 76b7b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766316b2 2 bytes JMP 76bf90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766316bd 2 bytes JMP 76bf8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 3D, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076631401 2 bytes JMP 76b7b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076631419 2 bytes JMP 76b7b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076631431 2 bytes JMP 76bf9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007663144a 2 bytes CALL 76b54885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766314dd 2 bytes JMP 76bf8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766314f5 2 bytes JMP 76bf8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007663150d 2 bytes JMP 76bf8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076631525 2 bytes JMP 76bf8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007663153d 2 bytes JMP 76b6fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076631555 2 bytes JMP 76b76907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007663156d 2 bytes JMP 76bf9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076631585 2 bytes JMP 76bf8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007663159d 2 bytes JMP 76bf88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766315b5 2 bytes JMP 76b6fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766315cd 2 bytes JMP 76b7b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766316b2 2 bytes JMP 76bf90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766316bd 2 bytes JMP 76bf8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 4E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 4E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 4E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 4E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 4E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 4E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 4D, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076631401 2 bytes JMP 76b7b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076631419 2 bytes JMP 76b7b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076631431 2 bytes JMP 76bf9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007663144a 2 bytes CALL 76b54885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766314dd 2 bytes JMP 76bf8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766314f5 2 bytes JMP 76bf8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007663150d 2 bytes JMP 76bf8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076631525 2 bytes JMP 76bf8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007663153d 2 bytes JMP 76b6fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076631555 2 bytes JMP 76b76907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007663156d 2 bytes JMP 76bf9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076631585 2 bytes JMP 76bf8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007663159d 2 bytes JMP 76bf88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766315b5 2 bytes JMP 76b6fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766315cd 2 bytes JMP 76b7b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766316b2 2 bytes JMP 76bf90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766316bd 2 bytes JMP 76bf8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, BE, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, BE, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, BE, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, BE, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, BE, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, BE, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, BD, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5356] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes {PUSH RAX; OUT DX, AL; JMP 0x82} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes {OUT DX, AL; JMP 0x82} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes {XOR DH, CH; JMP 0x82} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes {AND DH, CH; JMP 0x82} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes {ADC DH, CH; JMP 0x82} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes {ADD DH, CH; JMP 0x82} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes {IN EAX, DX; JMP 0x82} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe[5364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 1E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 1E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 1E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 1E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 1E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 1E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 1D, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076631401 2 bytes JMP 76b7b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076631419 2 bytes JMP 76b7b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076631431 2 bytes JMP 76bf9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007663144a 2 bytes CALL 76b54885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766314dd 2 bytes JMP 76bf8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766314f5 2 bytes JMP 76bf8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007663150d 2 bytes JMP 76bf8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076631525 2 bytes JMP 76bf8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007663153d 2 bytes JMP 76b6fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076631555 2 bytes JMP 76b76907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007663156d 2 bytes JMP 76bf9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076631585 2 bytes JMP 76bf8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007663159d 2 bytes JMP 76bf88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766315b5 2 bytes JMP 76b6fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766315cd 2 bytes JMP 76b7b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766316b2 2 bytes JMP 76bf90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766316bd 2 bytes JMP 76bf8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 1E, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 1E, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 1E, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 1E, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 1E, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 1E, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 1D, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076631401 2 bytes JMP 76b7b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076631419 2 bytes JMP 76b7b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076631431 2 bytes JMP 76bf9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007663144a 2 bytes CALL 76b54885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766314dd 2 bytes JMP 76bf8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766314f5 2 bytes JMP 76bf8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007663150d 2 bytes JMP 76bf8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076631525 2 bytes JMP 76bf8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007663153d 2 bytes JMP 76b6fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076631555 2 bytes JMP 76b76907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007663156d 2 bytes JMP 76bf9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076631585 2 bytes JMP 76bf8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007663159d 2 bytes JMP 76bf88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766315b5 2 bytes JMP 76b6fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766315cd 2 bytes JMP 76b7b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766316b2 2 bytes JMP 76bf90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766316bd 2 bytes JMP 76bf8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 6E, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 6E, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 6E, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 6E, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 6E, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 6E, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 6D, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, FE, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, FE, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, FE, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, FE, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, FE, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, FE, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, FD, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 2E, F4, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 2E, F4, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 2E, F4, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 2E, F4, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 2E, F4, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 2E, F4, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 2D, F4, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5772] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000077c91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c91434 8 bytes [50, 6E, F6, 7E, 00, 00, 00, ...] .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c917be 8 bytes [40, 6E, F6, 7E, 00, 00, 00, ...] .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c91a94 8 bytes [30, 6E, F6, 7E, 00, 00, 00, ...] .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c91c15 8 bytes [20, 6E, F6, 7E, 00, 00, 00, ...] .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c91d7f 8 bytes [10, 6E, F6, 7E, 00, 00, 00, ...] .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c91e65 8 bytes [00, 6E, F6, 7E, 00, 00, 00, ...] .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000077c920c8 8 bytes [F0, 6D, F6, 7E, 00, 00, 00, ...] .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cdbe00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cdbf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cdbfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cdc0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cdc180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cdc7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cdca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cdd260 8 bytes {JMP QWORD [RIP-0x4b401]} .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007432146b 8 bytes {JMP 0xffffffffffffffb0} .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text F:\7. FIXITPC_PL\GMER\dy8j249l.exe[5728] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074321a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88004efe750] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\system32\AUDIODG.EXE[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\system32\AUDIODG.EXE[ntdll.dll!NtAlpcSendWaitReceivePort] [77e40000] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\System32\kernel32.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\System32\KERNELBASE.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\System32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [77e40000] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\System32\RPCRT4.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\System32\USER32.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\System32\GDI32.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\System32\ole32.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [77e40000] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\system32\CRYPTBASE.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\system32\RpcRtRemote.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\system32\ntmarta.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\system32\CRYPTSP.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\system32\rsaenh.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\System32\audioses.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [77e40000] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\System32\AVRT.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\System32\AVRT.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [77e40000] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\system32\SETUPAPI.dll[ntdll.dll!NtClose] [77e40010] IAT C:\Windows\system32\AUDIODG.EXE[1408] @ C:\Windows\System32\CRYPT32.dll[ntdll.dll!NtClose] [77e40010] ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC2 0x24 0xAF 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC2 0x24 0xAF 0x00 ... ---- EOF - GMER 2.2 ----