GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-11 21:58:15 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-VERTEX4 rev.1.5 238,47GB Running: 06jvf4pi.exe; Driver: C:\Users\NASTOW~1\AppData\Local\Temp\uwddqpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b01401 2 bytes JMP 7678b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b01419 2 bytes JMP 7678b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b01431 2 bytes JMP 76808ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b0144a 2 bytes CALL 767648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b014dd 2 bytes JMP 768087a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b014f5 2 bytes JMP 76808978 C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b0150d 2 bytes JMP 76808698 C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b01525 2 bytes JMP 76808a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b0153d 2 bytes JMP 7677fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b01555 2 bytes JMP 767868ef C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b0156d 2 bytes JMP 76808f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b01585 2 bytes JMP 76808ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b0159d 2 bytes JMP 7680865c C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b015b5 2 bytes JMP 7677fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b015cd 2 bytes JMP 7678b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b016b2 2 bytes JMP 76808e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp[1836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b016bd 2 bytes JMP 768085f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b01401 2 bytes JMP 7678b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b01419 2 bytes JMP 7678b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b01431 2 bytes JMP 76808ea9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b0144a 2 bytes CALL 767648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b014dd 2 bytes JMP 768087a2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b014f5 2 bytes JMP 76808978 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b0150d 2 bytes JMP 76808698 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b01525 2 bytes JMP 76808a62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b0153d 2 bytes JMP 7677fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b01555 2 bytes JMP 767868ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b0156d 2 bytes JMP 76808f61 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b01585 2 bytes JMP 76808ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b0159d 2 bytes JMP 7680865c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b015b5 2 bytes JMP 7677fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b015cd 2 bytes JMP 7678b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b016b2 2 bytes JMP 76808e24 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b016bd 2 bytes JMP 768085f1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b01401 2 bytes JMP 7678b21b C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b01419 2 bytes JMP 7678b346 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b01431 2 bytes JMP 76808ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b0144a 2 bytes CALL 767648ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b014dd 2 bytes JMP 768087a2 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b014f5 2 bytes JMP 76808978 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b0150d 2 bytes JMP 76808698 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b01525 2 bytes JMP 76808a62 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b0153d 2 bytes JMP 7677fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b01555 2 bytes JMP 767868ef C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b0156d 2 bytes JMP 76808f61 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b01585 2 bytes JMP 76808ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b0159d 2 bytes JMP 7680865c C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b015b5 2 bytes JMP 7677fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b015cd 2 bytes JMP 7678b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b016b2 2 bytes JMP 76808e24 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b016bd 2 bytes JMP 768085f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b01401 2 bytes JMP 7678b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b01419 2 bytes JMP 7678b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b01431 2 bytes JMP 76808ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b0144a 2 bytes CALL 767648ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b014dd 2 bytes JMP 768087a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b014f5 2 bytes JMP 76808978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b0150d 2 bytes JMP 76808698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b01525 2 bytes JMP 76808a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b0153d 2 bytes JMP 7677fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b01555 2 bytes JMP 767868ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b0156d 2 bytes JMP 76808f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b01585 2 bytes JMP 76808ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b0159d 2 bytes JMP 7680865c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b015b5 2 bytes JMP 7677fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b015cd 2 bytes JMP 7678b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b016b2 2 bytes JMP 76808e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b016bd 2 bytes JMP 768085f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000070a817fa 2 bytes CALL 767611a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000070a81860 2 bytes CALL 767611a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000070a81942 2 bytes JMP 74907089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000070a8194d 2 bytes JMP 7490cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[2928] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\gghub.exe[4016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes JMP 3f3f3f3f .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes JMP 3f3f3f3f .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes JMP 3f3f3f3f .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes JMP 3f3f3f3f .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes JMP 3f3f3f3f .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes JMP 3f3f3f3f .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes JMP 3f3f3f3f .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes JMP 3f3f3f3f .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\AppData\Local\GG\Application\ggapp.exe[3152] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4064] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b01401 2 bytes JMP 7678b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b01419 2 bytes JMP 7678b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b01431 2 bytes JMP 76808ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b0144a 2 bytes CALL 767648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b014dd 2 bytes JMP 768087a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b014f5 2 bytes JMP 76808978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b0150d 2 bytes JMP 76808698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b01525 2 bytes JMP 76808a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b0153d 2 bytes JMP 7677fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b01555 2 bytes JMP 767868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b0156d 2 bytes JMP 76808f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b01585 2 bytes JMP 76808ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b0159d 2 bytes JMP 7680865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b015b5 2 bytes JMP 7677fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b015cd 2 bytes JMP 7678b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b016b2 2 bytes JMP 76808e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b016bd 2 bytes JMP 768085f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\OEM05Mon.exe[4604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b01401 2 bytes JMP 7678b21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b01419 2 bytes JMP 7678b346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b01431 2 bytes JMP 76808ea9 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b0144a 2 bytes CALL 767648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b014dd 2 bytes JMP 768087a2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b014f5 2 bytes JMP 76808978 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b0150d 2 bytes JMP 76808698 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b01525 2 bytes JMP 76808a62 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b0153d 2 bytes JMP 7677fca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b01555 2 bytes JMP 767868ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b0156d 2 bytes JMP 76808f61 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b01585 2 bytes JMP 76808ac2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b0159d 2 bytes JMP 7680865c C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b015b5 2 bytes JMP 7677fd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b015cd 2 bytes JMP 7678b2dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b016b2 2 bytes JMP 76808e24 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{30654808-2713-30a2-3065-548082712020}\SuperOptimizer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b016bd 2 bytes JMP 768085f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[5292] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6024] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b01401 2 bytes JMP 7678b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b01419 2 bytes JMP 7678b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b01431 2 bytes JMP 76808ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b0144a 2 bytes CALL 767648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b014dd 2 bytes JMP 768087a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b014f5 2 bytes JMP 76808978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b0150d 2 bytes JMP 76808698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b01525 2 bytes JMP 76808a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b0153d 2 bytes JMP 7677fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b01555 2 bytes JMP 767868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b0156d 2 bytes JMP 76808f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b01585 2 bytes JMP 76808ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b0159d 2 bytes JMP 7680865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b015b5 2 bytes JMP 7677fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b015cd 2 bytes JMP 7678b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b016b2 2 bytes JMP 76808e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b016bd 2 bytes JMP 768085f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d327d2 8 bytes {JMP 0x10} .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000733a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000733a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000733a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000733a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000733a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\NAS Tower\Downloads\06jvf4pi.exe[7108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000733a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88004584fb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3100] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fefa03741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3100] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fefa035f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3100] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fefa035674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3100] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fefa035e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3100] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fefa037f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3100] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fefa036a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3100] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fefa036ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3100] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fefa037b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3100] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fefa037ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3100] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fefa0378b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3100] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fefa034fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3100] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fefa035d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3100] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fefa037584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Processes - GMER 2.1 ---- Process C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp (*** suspicious ***) @ C:\Users\NAS Tower\AppData\Roaming\03000200-1426602356-0500-0006-000700080009\jnsd5E64.tmp [1836](2015-03-17 14:26:18) 00000000002c0000 Process C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (*** suspicious ***) @ C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2104] (FreemakeUtilsService/Freemake)(2015-01-25 14:09:40) 00000000000a0000 Library c:\users\nastow~1\appdata\local\temp\7zs75fe\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [6348] (HP Network Devices Support/Hewlett-Packard Co.)(2014-12-09 20:03:29) 0000000180000000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\KLIF\Parameters@LastProcessedRevision 141169279 ---- EOF - GMER 2.1 ----