GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-07 22:53:58 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000073 SanDisk_ rev.2.0. 119,24GB Running: hw7j5kdl.exe; Driver: C:\Users\Efik\AppData\Local\Temp\pwddqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000772efaa8 5 bytes JMP 0000000171c618dd .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772f0038 5 bytes JMP 0000000171c61ed6 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074e49d0b 5 bytes JMP 000000011000a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000074e49d4e 5 bytes JMP 000000011000a630 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000071e2451e 5 bytes JMP 000000011000ab40 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000071e24b6d 5 bytes JMP 000000011000abb0 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000071e24bf2 5 bytes JMP 000000011000ac90 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000071e24f0f 5 bytes JMP 000000011000ac50 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000071e24f7b 5 bytes JMP 000000011000ac10 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000071e29054 5 bytes JMP 000000011000ad10 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000071e2adf9 5 bytes JMP 000000011000abe0 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000071e452e8 5 bytes JMP 000000011000acd0 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000071e4535f 5 bytes JMP 000000011000acf0 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000071e459cc 5 bytes JMP 000000011000ae40 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000071e45a6a 5 bytes JMP 000000011000aec0 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000071e45ad7 5 bytes JMP 000000011000af00 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000071e45b5b 5 bytes JMP 000000011000af40 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000071e45bba 5 bytes JMP 000000011000af80 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000071e45bee 5 bytes JMP 000000011000b000 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000071e45c22 5 bytes JMP 000000011000b060 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000071e45c67 5 bytes JMP 000000011000b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072747e3d 5 bytes JMP 000000011000a690 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007277de69 5 bytes JMP 000000011000a770 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007278d2c5 5 bytes JMP 000000011000a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007278d371 5 bytes JMP 000000011000a990 .text C:\Windows\SysWOW64\HsMgr.exe[2760] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007278d429 5 bytes JMP 000000011000aa80 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveOutClose 000007fef98936ac 5 bytes JMP 000007fefec901f0 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fef9893770 5 bytes JMP 000007fefec90298 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fef98938d0 5 bytes JMP 000007fefec901b8 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fef9893ca4 5 bytes JMP 000007fefec90260 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fef9893d40 5 bytes JMP 000007fefec90228 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveInOpen 000007fef9897fe0 7 bytes JMP 000007fefec90378 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveOutReset 000007fef989a38c 5 bytes JMP 000007fefec902d0 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fef98b49f0 5 bytes JMP 000007fefec90308 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fef98b4ab0 5 bytes JMP 000007fefec90340 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveInClose 000007fef98b52e0 5 bytes JMP 000007fefec903b0 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fef98b53c0 5 bytes JMP 000007fefec90490 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fef98b5454 5 bytes JMP 000007fefec904c8 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fef98b5514 5 bytes JMP 000007fefec90500 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveInStart 000007fef98b55a4 6 bytes JMP 000007fefec903e8 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveInStop 000007fef98b55e4 6 bytes JMP 000007fefec90420 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveInReset 000007fef98b5624 5 bytes JMP 000007fefec90458 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fef98b567c 5 bytes JMP 000007fefec90538 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef3c76944 7 bytes JMP 000007fefec90180 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007fef3c95a84 7 bytes JMP 000007fefec90148 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007fef3c95b90 7 bytes JMP 000007fefec90570 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007fef3c95c94 7 bytes JMP 000007fefec905a8 .text C:\Windows\system\HsMgr64.exe[2768] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007fef3c95da8 5 bytes JMP 000007fefec905e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074e49d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000074e49d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000071e2451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000071e24b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000071e24bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000071e24f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000071e24f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000071e29054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000071e2adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000071e452e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000071e4535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000071e459cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000071e45a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000071e45ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000071e45b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000071e45bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000071e45bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000071e45c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000071e45c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072747e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007277de69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007278d2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007278d371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007278d429 5 bytes JMP 000000011000aa80 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000772ef9e0 5 bytes JMP 000000016fa5f270 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 00000000772efa28 5 bytes JMP 000000016fa5f8d2 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 00000000772efa40 5 bytes JMP 000000016fa5e00d .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 00000000772efa90 5 bytes JMP 000000016fa5db69 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000772efaa8 5 bytes JMP 000000016fa5de5a .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 00000000772efb40 5 bytes JMP 000000016fa5fb12 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 00000000772efc38 5 bytes JMP 000000016fa6accc .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 00000000772efd4c 5 bytes JMP 000000016fa5d9b1 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000772efd64 5 bytes JMP 000000016fa6a2ee .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 00000000772efd98 5 bytes JMP 000000016fa6a5e9 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000772efe44 5 bytes JMP 000000016fa5ee45 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 00000000772efe5c 5 bytes JMP 000000016fa6a417 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000772f00b4 5 bytes JMP 000000016fa6a133 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000772f01c4 5 bytes JMP 000000016fa5e1b5 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted 00000000772f0754 5 bytes JMP 000000016fa5fbb4 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000772f09e4 5 bytes JMP 000000016fa6a32b .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000772f09fc 5 bytes JMP 000000016fa5d785 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 00000000772f0a44 5 bytes JMP 000000016fa5e36b .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 00000000772f0b80 5 bytes JMP 000000016fa5d89b .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 00000000772f0f70 5 bytes JMP 000000016fa5e7f8 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772f0f88 5 bytes JMP 000000016fa5e994 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 00000000772f1018 5 bytes JMP 000000016fa5f95f .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted 00000000772f1030 5 bytes JMP 000000016fa5fa82 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx 00000000772f1048 5 bytes JMP 000000016fa5f9ef .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 00000000772f133c 5 bytes JMP 000000016fa6a500 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 00000000772f147c 5 bytes JMP 000000016fa5e66b .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 00000000772f1528 5 bytes JMP 000000016fa5eb58 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 00000000772f1718 5 bytes JMP 000000016fa5e4e3 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 00000000772f1a58 5 bytes JMP 000000016fa5dd12 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 00000000772f1b9c 5 bytes JMP 000000016fa5ecda .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 000000016fa435da .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 000000016fa43a3e .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c965 5 bytes JMP 000000016fa436f4 .text C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[2684] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075482c51 5 bytes JMP 000000016fa43938 .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[4480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c11465 2 bytes [C1, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c114bb 2 bytes [C1, 76] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[5124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074e49d0b 5 bytes JMP 000000011000a4d0 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000074e49d4e 5 bytes JMP 000000011000a630 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000071e2451e 5 bytes JMP 000000011000ab40 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000071e24b6d 5 bytes JMP 000000011000abb0 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000071e24bf2 5 bytes JMP 000000011000ac90 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000071e24f0f 5 bytes JMP 000000011000ac50 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000071e24f7b 5 bytes JMP 000000011000ac10 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000071e29054 5 bytes JMP 000000011000ad10 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000071e2adf9 5 bytes JMP 000000011000abe0 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000071e452e8 5 bytes JMP 000000011000acd0 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000071e4535f 5 bytes JMP 000000011000acf0 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000071e459cc 5 bytes JMP 000000011000ae40 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000071e45a6a 5 bytes JMP 000000011000aec0 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000071e45ad7 5 bytes JMP 000000011000af00 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000071e45b5b 5 bytes JMP 000000011000af40 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000071e45bba 5 bytes JMP 000000011000af80 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000071e45bee 5 bytes JMP 000000011000b000 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000071e45c22 5 bytes JMP 000000011000b060 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000071e45c67 5 bytes JMP 000000011000b0d0 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072747e3d 5 bytes JMP 000000011000a690 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007277de69 5 bytes JMP 000000011000a770 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007278d2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007278d371 5 bytes JMP 000000011000a990 .text C:\Users\Efik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6060] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007278d429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes JMP a23f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes JMP a23f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes JMP a23f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes JMP a23f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes JMP a23f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes JMP a23f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes JMP a23f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes JMP a23f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2168] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes JMP a23f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes JMP a23f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074e49d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000074e49d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000071e2451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000071e24b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000071e24bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000071e24f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000071e24f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000071e29054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000071e2adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000071e452e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000071e4535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000071e459cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000071e45a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000071e45ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000071e45b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000071e45bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000071e45bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000071e45c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000071e45c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072747e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007277de69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007278d2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007278d371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe[6452] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007278d429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes JMP a23f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes JMP a23f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770f11f5 8 bytes {JMP 0xd} .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770f1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770f143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770f158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770f191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770f1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770f1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770f1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770f1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770f1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770f1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770f1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770f1fd7 8 bytes {JMP 0xb} .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770f2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770f2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770f2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770f27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770f27d2 8 bytes {JMP 0x10} .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770f282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770f2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770f2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770f2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770f3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770f323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770f33c0 16 bytes {JMP 0x4e} .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770f3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770f3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770f3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770f3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770f4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077141380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077141500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077141530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077141650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077141700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077141d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077141f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771427e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074c213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074c2146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074c216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074c216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074c219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074c219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074c21a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074c21a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074c21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Efik\Desktop\hw7\hw7j5kdl.exe[5452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074c21a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88004a7ffb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5492:5872] 000007fefb212a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5492:5880] 000007fee6ef4830 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2008] (GG drive overlay/GG Network S.A.)(2013-05-15 12:39:16) 000000005c080000 ---- EOF - GMER 2.1 ----