GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-06-30 16:56:04 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000007f ATA_____ rev.LVD3 931,51GB Running: 7pubxq9c.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\pwldypoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775fa3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077603f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007761ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007762f350 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077659aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077669530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077688850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd602db0 5 bytes JMP 000007fffd5f0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6037d0 7 bytes JMP 000007fffd5f00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd60a410 2 bytes JMP 000007fffd5f0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd60a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd60aec0 6 bytes JMP 000007fffd5f0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2489e0 8 bytes JMP 000007fffd5f01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe24be40 8 bytes JMP 000007fffd5f01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff937490 11 bytes JMP 000007fffd5f0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1508] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff94bf00 7 bytes JMP 000007fffd5f0260 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077a0faa4 5 bytes JMP 00000001728f2e30 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a10034 5 bytes JMP 00000001728f2df0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize + 779 000000007624b9f8 4 bytes [80, 40, 8F, 72] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779c1401 2 bytes JMP 7751b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779c1419 2 bytes JMP 7751b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779c1431 2 bytes JMP 77598f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779c144a 2 bytes CALL 774f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779c14dd 2 bytes JMP 77598822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779c14f5 2 bytes JMP 775989f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779c150d 2 bytes JMP 77598718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779c1525 2 bytes JMP 77598ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779c153d 2 bytes JMP 7750fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779c1555 2 bytes JMP 775168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779c156d 2 bytes JMP 77598fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779c1585 2 bytes JMP 77598b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779c159d 2 bytes JMP 775986dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779c15b5 2 bytes JMP 7750fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779c15cd 2 bytes JMP 7751b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779c16b2 2 bytes JMP 77598ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779c16bd 2 bytes JMP 77598671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000774f8781 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000779c1401 2 bytes JMP 7751b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000779c1419 2 bytes JMP 7751b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000779c1431 2 bytes JMP 77598f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000779c144a 2 bytes CALL 774f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000779c14dd 2 bytes JMP 77598822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000779c14f5 2 bytes JMP 775989f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000779c150d 2 bytes JMP 77598718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000779c1525 2 bytes JMP 77598ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000779c153d 2 bytes JMP 7750fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000779c1555 2 bytes JMP 775168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000779c156d 2 bytes JMP 77598fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000779c1585 2 bytes JMP 77598b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000779c159d 2 bytes JMP 775986dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000779c15b5 2 bytes JMP 7750fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000779c15cd 2 bytes JMP 7751b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000779c16b2 2 bytes JMP 77598ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000779c16bd 2 bytes JMP 77598671 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\Dwm.exe[3048] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd602db0 5 bytes JMP 000007fffd5f0180 .text C:\Windows\system32\Dwm.exe[3048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6037d0 7 bytes JMP 000007fffd5f00d8 .text C:\Windows\system32\Dwm.exe[3048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd60a410 2 bytes JMP 000007fffd5f0110 .text C:\Windows\system32\Dwm.exe[3048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd60a413 2 bytes [FE, FF] .text C:\Windows\system32\Dwm.exe[3048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd60aec0 6 bytes JMP 000007fffd5f0148 .text C:\Windows\system32\Dwm.exe[3048] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2489e0 8 bytes JMP 000007fffd5f01f0 .text C:\Windows\system32\Dwm.exe[3048] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe24be40 8 bytes JMP 000007fffd5f01b8 .text C:\Windows\system32\Dwm.exe[3048] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef3dadc88 5 bytes JMP 000007fff3ba00d8 .text C:\Windows\system32\Dwm.exe[3048] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef3dade10 5 bytes JMP 000007fff3ba0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4184] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775fa3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4184] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077603f00 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4184] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007761ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4184] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007762f350 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4184] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077659aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4184] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077669530 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4184] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077688850 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4184] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd602db0 5 bytes JMP 000007fffd5f0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4184] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6037d0 7 bytes JMP 000007fffd5f00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4184] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd60a410 2 bytes JMP 000007fffd5f0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4184] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd60a413 2 bytes [FE, FF] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd60aec0 6 bytes JMP 000007fffd5f0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4184] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2489e0 8 bytes JMP 000007fffd5f01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4184] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe24be40 8 bytes JMP 000007fffd5f01b8 .text C:\Windows\System32\igfxpers.exe[4228] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd602db0 5 bytes JMP 000007fffd5f0180 .text C:\Windows\System32\igfxpers.exe[4228] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6037d0 7 bytes JMP 000007fffd5f00d8 .text C:\Windows\System32\igfxpers.exe[4228] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd60a410 2 bytes JMP 000007fffd5f0110 .text C:\Windows\System32\igfxpers.exe[4228] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd60a413 2 bytes [FE, FF] .text C:\Windows\System32\igfxpers.exe[4228] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd60aec0 6 bytes JMP 000007fffd5f0148 .text C:\Windows\System32\igfxpers.exe[4228] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2489e0 8 bytes JMP 000007fffd5f01f0 .text C:\Windows\System32\igfxpers.exe[4228] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe24be40 8 bytes JMP 000007fffd5f01b8 .text C:\Windows\System32\igfxpers.exe[4228] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff937490 11 bytes JMP 000007fffd5f0228 .text C:\Windows\System32\igfxpers.exe[4228] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff94bf00 7 bytes JMP 000007fffd5f0260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000774f1efe 7 bytes JMP 00000001710e4b10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000774f5b9d 7 bytes JMP 00000001710e54b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000775013f9 7 bytes JMP 00000001710e4e50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007750ea45 7 bytes JMP 00000001710e4b00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077598ea4 7 bytes JMP 00000001710e45c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077598f29 5 bytes JMP 00000001710e4670 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077599281 5 bytes JMP 00000001710e45d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075771d29 5 bytes JMP 00000001710e4580 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075771dd7 5 bytes JMP 00000001710e4540 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075772ab1 5 bytes JMP 0000000100322ac0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075772d1d 5 bytes JMP 00000001710e4360 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076248a29 5 bytes JMP 00000001710e3a40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076254572 5 bytes JMP 00000001710e42e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007626e567 5 bytes JMP 00000001710e4350 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762907d7 5 bytes JMP 00000001710e3850 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762a7a5c 5 bytes JMP 00000001710e42d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007745e96b 5 bytes JMP 00000001710e3b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007745eba5 5 bytes JMP 00000001710e3b80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fc5ea5 5 bytes JMP 00000001710e3a00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4288] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ff9d0b 5 bytes JMP 00000001710e3990 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775fa3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077603f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007761ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007762f350 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077659aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077669530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077688850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd602db0 5 bytes JMP 000007fffd5f0180 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6037d0 7 bytes JMP 000007fffd5f00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd60a410 2 bytes JMP 000007fffd5f0110 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd60a413 2 bytes [FE, FF] .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd60aec0 6 bytes JMP 000007fffd5f0148 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2489e0 8 bytes JMP 000007fffd5f01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe24be40 8 bytes JMP 000007fffd5f01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff937490 11 bytes JMP 000007fffd5f0228 .text C:\Program Files\Elantech\ETDCtrl.exe[4396] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff94bf00 7 bytes JMP 000007fffd5f0260 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4496] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775fa3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4496] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077603f00 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4496] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007761ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4496] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007762f350 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4496] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077659aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4496] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077669530 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4496] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077688850 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd602db0 5 bytes JMP 000007fffd5f0180 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6037d0 7 bytes JMP 000007fffd5f00d8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd60a410 2 bytes JMP 000007fffd5f0110 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd60a413 2 bytes [FE, FF] .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd60aec0 6 bytes JMP 000007fffd5f0148 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4496] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2489e0 8 bytes JMP 000007fffd5f01f0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe24be40 8 bytes JMP 000007fffd5f01b8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775fa3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077603f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007761ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007762f350 5 bytes JMP 000000016fff0110 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077659aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077669530 5 bytes JMP 000000016fff0148 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077688850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd602db0 5 bytes JMP 000007fffd5f0180 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6037d0 7 bytes JMP 000007fffd5f00d8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd60a410 2 bytes JMP 000007fffd5f0110 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd60a413 2 bytes [FE, FF] .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd60aec0 6 bytes JMP 000007fffd5f0148 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2489e0 8 bytes JMP 000007fffd5f01f0 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe24be40 8 bytes JMP 000007fffd5f01b8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff937490 11 bytes JMP 000007fffd5f0228 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4556] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff94bf00 7 bytes JMP 000007fffd5f0260 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000774f1efe 7 bytes JMP 00000001710e4b10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000774f5b9d 7 bytes JMP 00000001710e54b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000775013f9 7 bytes JMP 00000001710e4e50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007750ea45 7 bytes JMP 00000001710e4b00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077598ea4 7 bytes JMP 00000001710e45c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077598f29 5 bytes JMP 00000001710e4670 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077599281 5 bytes JMP 00000001710e45d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075771d29 5 bytes JMP 00000001710e4580 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075771dd7 5 bytes JMP 00000001710e4540 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075772ab1 5 bytes JMP 00000001710e4680 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075772d1d 5 bytes JMP 00000001710e4360 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007745e96b 5 bytes JMP 00000001710e3b60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007745eba5 5 bytes JMP 00000001710e3b80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076248a29 5 bytes JMP 00000001710e3a40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076254572 5 bytes JMP 00000001710e42e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007626e567 5 bytes JMP 00000001710e4350 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762907d7 5 bytes JMP 00000001710e3850 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762a7a5c 5 bytes JMP 00000001710e42d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fc5ea5 5 bytes JMP 00000001710e3a00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4772] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ff9d0b 5 bytes JMP 00000001710e3990 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4872] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775fa3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4872] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077603f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4872] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007761ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4872] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007762f350 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4872] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077659aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4872] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077669530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4872] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077688850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4872] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd602db0 5 bytes JMP 000007fffd5c0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6037d0 7 bytes JMP 000007fffd5c00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd60a410 2 bytes JMP 000007fffd5c0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd60a413 2 bytes [FB, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd60aec0 6 bytes JMP 000007fffd5c0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4872] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2489e0 8 bytes JMP 000007fffd5c01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4872] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe24be40 8 bytes JMP 000007fffd5c01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775fa3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077603f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007761ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007762f350 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077659aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077669530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077688850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd602db0 5 bytes JMP 000007fffd5b0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6037d0 7 bytes JMP 000007fffd5b00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd60a410 2 bytes JMP 000007fffd5b0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd60a413 2 bytes [FA, FF] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd60aec0 6 bytes JMP 000007fffd5b0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff937490 11 bytes JMP 000007fffd5b0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff94bf00 7 bytes JMP 000007fffd5b0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2489e0 8 bytes JMP 000007fffd5b01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe24be40 8 bytes JMP 000007fffd5b01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef7402460 5 bytes JMP 000007fefd5b02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5016] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef74396b0 6 bytes JMP 000007fefd5b0298 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3408] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775fa3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3408] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077603f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3408] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007761ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3408] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007762f350 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3408] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077659aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3408] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077669530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3408] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077688850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3408] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd602db0 5 bytes JMP 000007fffd5f0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6037d0 7 bytes JMP 000007fffd5f00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd60a410 2 bytes JMP 000007fffd5f0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd60a413 2 bytes [FE, FF] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3408] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd60aec0 6 bytes JMP 000007fffd5f0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3408] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2489e0 8 bytes JMP 000007fffd5f01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3408] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe24be40 8 bytes JMP 000007fffd5f01b8 .text C:\Program Files\Elantech\ETDIntelligent.exe[1684] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775fa3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDIntelligent.exe[1684] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077603f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDIntelligent.exe[1684] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007761ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDIntelligent.exe[1684] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007762f350 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDIntelligent.exe[1684] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077659aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDIntelligent.exe[1684] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077669530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDIntelligent.exe[1684] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077688850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[1684] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd602db0 5 bytes JMP 000007fffd5f0180 .text C:\Program Files\Elantech\ETDIntelligent.exe[1684] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6037d0 7 bytes JMP 000007fffd5f00d8 .text C:\Program Files\Elantech\ETDIntelligent.exe[1684] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd60a410 2 bytes JMP 000007fffd5f0110 .text C:\Program Files\Elantech\ETDIntelligent.exe[1684] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd60a413 2 bytes [FE, FF] .text C:\Program Files\Elantech\ETDIntelligent.exe[1684] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd60aec0 6 bytes JMP 000007fffd5f0148 .text C:\Program Files\Elantech\ETDIntelligent.exe[1684] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2489e0 8 bytes JMP 000007fffd5f01f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[1684] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe24be40 8 bytes JMP 000007fffd5f01b8 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779c1401 2 bytes JMP 7751b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779c1419 2 bytes JMP 7751b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779c1431 2 bytes JMP 77598f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779c144a 2 bytes CALL 774f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779c14dd 2 bytes JMP 77598822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779c14f5 2 bytes JMP 775989f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779c150d 2 bytes JMP 77598718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779c1525 2 bytes JMP 77598ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779c153d 2 bytes JMP 7750fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779c1555 2 bytes JMP 775168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779c156d 2 bytes JMP 77598fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779c1585 2 bytes JMP 77598b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779c159d 2 bytes JMP 775986dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779c15b5 2 bytes JMP 7750fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779c15cd 2 bytes JMP 7751b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779c16b2 2 bytes JMP 77598ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779c16bd 2 bytes JMP 77598671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000774f1efe 7 bytes JMP 00000001710e4b10 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000774f5b9d 7 bytes JMP 00000001710e54b0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000775013f9 7 bytes JMP 00000001710e4e50 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007750ea45 7 bytes JMP 00000001710e4b00 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077598ea4 7 bytes JMP 00000001710e45c0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077598f29 5 bytes JMP 00000001710e4670 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077599281 5 bytes JMP 00000001710e45d0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075771d29 5 bytes JMP 00000001710e4580 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075771dd7 5 bytes JMP 00000001710e4540 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075772ab1 5 bytes JMP 00000001710e4680 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075772d1d 5 bytes JMP 00000001710e4360 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007745e96b 5 bytes JMP 00000001710e3b60 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007745eba5 5 bytes JMP 00000001710e3b80 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076248a29 5 bytes JMP 00000001710e3a40 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076254572 5 bytes JMP 00000001710e42e0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007626e567 5 bytes JMP 00000001710e4350 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762907d7 5 bytes JMP 00000001710e3850 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762a7a5c 5 bytes JMP 00000001710e42d0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fc5ea5 5 bytes JMP 00000001710e3a00 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5616] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ff9d0b 5 bytes JMP 00000001710e3990 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000774f1efe 7 bytes JMP 00000001710e4b10 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000774f5b9d 7 bytes JMP 00000001710e54b0 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000775013f9 7 bytes JMP 00000001710e4e50 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007750ea45 7 bytes JMP 00000001710e4b00 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077598ea4 7 bytes JMP 00000001710e45c0 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077598f29 5 bytes JMP 00000001710e4670 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077599281 5 bytes JMP 00000001710e45d0 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075771d29 5 bytes JMP 00000001710e4580 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075771dd7 5 bytes JMP 00000001710e4540 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075772ab1 5 bytes JMP 00000001710e4680 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075772d1d 5 bytes JMP 00000001710e4360 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076248a29 5 bytes JMP 00000001710e3a40 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076254572 5 bytes JMP 00000001710e42e0 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007626e567 5 bytes JMP 00000001710e4350 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762907d7 5 bytes JMP 00000001710e3850 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762a7a5c 5 bytes JMP 00000001710e42d0 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007745e96b 5 bytes JMP 00000001710e3b60 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007745eba5 5 bytes JMP 00000001710e3b80 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fc5ea5 5 bytes JMP 00000001710e3a00 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ff9d0b 5 bytes JMP 00000001710e3990 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779c1401 2 bytes JMP 7751b21b C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779c1419 2 bytes JMP 7751b346 C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779c1431 2 bytes JMP 77598f29 C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779c144a 2 bytes CALL 774f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779c14dd 2 bytes JMP 77598822 C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779c14f5 2 bytes JMP 775989f8 C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779c150d 2 bytes JMP 77598718 C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779c1525 2 bytes JMP 77598ae2 C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779c153d 2 bytes JMP 7750fca8 C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779c1555 2 bytes JMP 775168ef C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779c156d 2 bytes JMP 77598fe3 C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779c1585 2 bytes JMP 77598b42 C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779c159d 2 bytes JMP 775986dc C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779c15b5 2 bytes JMP 7750fd41 C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779c15cd 2 bytes JMP 7751b2dc C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779c16b2 2 bytes JMP 77598ea4 C:\Windows\syswow64\kernel32.dll .text D:\Last.fm\Last.fm Scrobbler.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779c16bd 2 bytes JMP 77598671 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wuauclt.exe[3980] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd602db0 5 bytes JMP 000007fffd5f0180 .text C:\Windows\system32\wuauclt.exe[3980] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6037d0 7 bytes JMP 000007fffd5f00d8 .text C:\Windows\system32\wuauclt.exe[3980] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd60a410 2 bytes JMP 000007fffd5f0110 .text C:\Windows\system32\wuauclt.exe[3980] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd60a413 2 bytes [FE, FF] .text C:\Windows\system32\wuauclt.exe[3980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd60aec0 6 bytes JMP 000007fffd5f0148 .text C:\Windows\system32\wuauclt.exe[3980] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff937490 11 bytes JMP 000007fffd5f0228 .text C:\Windows\system32\wuauclt.exe[3980] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff94bf00 7 bytes JMP 000007fffd5f0260 .text C:\Windows\system32\wuauclt.exe[3980] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2489e0 8 bytes JMP 000007fffd5f01f0 .text C:\Windows\system32\wuauclt.exe[3980] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe24be40 8 bytes JMP 000007fffd5f01b8 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000778113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077811544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000778118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077811ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077811bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077811d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077811e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077811f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077812248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000778126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077812712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007781276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000778127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077812b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077812be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000778130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077813248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000778137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000778138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077813a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077813fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077814061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000778140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077814216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077814254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000778144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000778146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077814773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077814867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077814986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077814ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077814b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077814d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077814f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077815007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000778151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077816006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000778161be 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000778163ac 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000778163ed 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077816404 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007781645c 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077816c26 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007785dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007785de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007785de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007785e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785f100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000778113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077811544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000778118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077811ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077811bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077811d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077811e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077811f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077812248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000778126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077812712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007781276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000778127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077812b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077812be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000778130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077813248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000778137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000778138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077813a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077813fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077814061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000778140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077814216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077814254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000778144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000778146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077814773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077814867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077814986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077814ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077814b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077814d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077814f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077815007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000778151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077816006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000778161be 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000778163ac 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000778163ed 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077816404 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007781645c 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077816c26 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007785dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007785de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007785de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007785e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785f100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000778113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077811544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000778118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077811ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077811bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077811d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077811e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077811f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077812248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000778126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077812712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007781276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000778127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077812b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077812be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000778130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077813248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000778137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000778138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077813a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077813fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077814061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000778140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077814216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077814254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000778144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000778146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077814773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077814867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077814986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077814ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077814b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077814d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077814f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077815007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000778151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077816006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000778161be 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000778163ac 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000778163ed 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077816404 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007781645c 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077816c26 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007785dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007785de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007785de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007785e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785f100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2996] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000778113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077811544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000778118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077811ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077811bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077811d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077811e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077811f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077812248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000778126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077812712 8 bytes {JMP 0x10} .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007781276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000778127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077812b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077812be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000778130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077813248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000778137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000778138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077813a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077813fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077814061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000778140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077814216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077814254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000778144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000778146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077814773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077814867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077814986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077814ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077814b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077814d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077814f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077815007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000778151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077816006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000778161be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000778163ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000778163ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077816404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007781645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077816c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007785dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007785de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007785de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007785e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785f100 8 bytes {JMP QWORD [RIP-0x484e0]} .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000774f1efe 7 bytes JMP 00000001710e4b10 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000774f5b9d 7 bytes JMP 00000001710e54b0 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000775013f9 7 bytes JMP 00000001710e4e50 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007750ea45 7 bytes JMP 00000001710e4b00 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077598ea4 7 bytes JMP 00000001710e45c0 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077598f29 5 bytes JMP 00000001710e4670 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077599281 5 bytes JMP 00000001710e45d0 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075771d29 5 bytes JMP 00000001710e4580 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075771dd7 5 bytes JMP 00000001710e4540 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075772ab1 5 bytes JMP 00000001710e4680 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075772d1d 5 bytes JMP 00000001710e4360 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076248a29 5 bytes JMP 00000001710e3a40 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076254572 5 bytes JMP 00000001710e42e0 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007626e567 5 bytes JMP 00000001710e4350 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762907d7 5 bytes JMP 00000001710e3850 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762a7a5c 5 bytes JMP 00000001710e42d0 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007745e96b 5 bytes JMP 00000001710e3b60 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007745eba5 5 bytes JMP 00000001710e3b80 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fc5ea5 5 bytes JMP 00000001710e3a00 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ff9d0b 5 bytes JMP 00000001710e3990 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779c1401 2 bytes JMP 7751b21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779c1419 2 bytes JMP 7751b346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779c1431 2 bytes JMP 77598f29 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779c144a 2 bytes CALL 774f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779c14dd 2 bytes JMP 77598822 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779c14f5 2 bytes JMP 775989f8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779c150d 2 bytes JMP 77598718 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779c1525 2 bytes JMP 77598ae2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779c153d 2 bytes JMP 7750fca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779c1555 2 bytes JMP 775168ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779c156d 2 bytes JMP 77598fe3 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779c1585 2 bytes JMP 77598b42 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779c159d 2 bytes JMP 775986dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779c15b5 2 bytes JMP 7750fd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779c15cd 2 bytes JMP 7751b2dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779c16b2 2 bytes JMP 77598ea4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe[6984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779c16bd 2 bytes JMP 77598671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000778113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077811544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000778118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077811ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077811bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077811d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077811e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077811f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077812248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000778126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077812712 8 bytes {JMP 0x10} .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007781276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000778127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077812b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077812be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000778130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077813248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000778137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000778138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077813a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077813fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077814061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000778140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077814216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077814254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000778144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000778146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077814773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077814867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077814986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077814ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077814b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077814d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077814f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077815007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000778151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077816006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000778161be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000778163ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000778163ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077816404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007781645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077816c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007785dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007785de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007785de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007785e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785f100 8 bytes {JMP QWORD [RIP-0x484e0]} .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000774f1efe 7 bytes JMP 00000001710e4b10 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000774f5b9d 7 bytes JMP 00000001710e54b0 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000775013f9 7 bytes JMP 00000001710e4e50 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007750ea45 7 bytes JMP 00000001710e4b00 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077598ea4 7 bytes JMP 00000001710e45c0 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077598f29 5 bytes JMP 00000001710e4670 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077599281 5 bytes JMP 00000001710e45d0 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075771d29 5 bytes JMP 00000001710e4580 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075771dd7 5 bytes JMP 00000001710e4540 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075772ab1 5 bytes JMP 00000001710e4680 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075772d1d 5 bytes JMP 00000001710e4360 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007745e96b 5 bytes JMP 00000001710e3b60 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007745eba5 5 bytes JMP 00000001710e3b80 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076248a29 5 bytes JMP 00000001710e3a40 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076254572 5 bytes JMP 00000001710e42e0 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007626e567 5 bytes JMP 00000001710e4350 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762907d7 5 bytes JMP 00000001710e3850 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762a7a5c 5 bytes JMP 00000001710e42d0 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fc5ea5 5 bytes JMP 00000001710e3a00 .text C:\Program Files\NVIDIA Corporation\Installer2\installer.{20FC362A-89BF-42C6-BCB3-7FB3B93A2098}\NVNetworkService.exe[2132] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ff9d0b 5 bytes JMP 00000001710e3990 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000778113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077811544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000778118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077811ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077811bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077811d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077811e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077811f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077812248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000778126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077812712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007781276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000778127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077812b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077812be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000778130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077813248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000778137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000778138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077813a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077813fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077814061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000778140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077814216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077814254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000778144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000778146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077814773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077814867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077814986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077814ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077814b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077814d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077814f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077815007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000778151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077816006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000778161be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000778163ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000778163ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077816404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007781645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077816c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007785dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007785de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007785de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007785e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785f100 8 bytes {JMP QWORD [RIP-0x484e0]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[6012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\FRST64.exe[6756] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775fa3e0 7 bytes JMP 000000016fff0228 .text C:\Users\Kuba\Desktop\FRST64.exe[6756] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077603f00 5 bytes JMP 000000016fff0180 .text C:\Users\Kuba\Desktop\FRST64.exe[6756] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007761ffd0 5 bytes JMP 000000016fff01b8 .text C:\Users\Kuba\Desktop\FRST64.exe[6756] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007762f350 5 bytes JMP 000000016fff0110 .text C:\Users\Kuba\Desktop\FRST64.exe[6756] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077659aa0 7 bytes JMP 000000016fff00d8 .text C:\Users\Kuba\Desktop\FRST64.exe[6756] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077669530 5 bytes JMP 000000016fff0148 .text C:\Users\Kuba\Desktop\FRST64.exe[6756] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077688850 7 bytes JMP 000000016fff01f0 .text C:\Users\Kuba\Desktop\FRST64.exe[6756] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd602db0 5 bytes JMP 000007fffd5c0180 .text C:\Users\Kuba\Desktop\FRST64.exe[6756] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6037d0 7 bytes JMP 000007fffd5c00d8 .text C:\Users\Kuba\Desktop\FRST64.exe[6756] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd60a410 2 bytes JMP 000007fffd5c0110 .text C:\Users\Kuba\Desktop\FRST64.exe[6756] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd60a413 2 bytes [FB, FF] .text C:\Users\Kuba\Desktop\FRST64.exe[6756] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd60aec0 6 bytes JMP 000007fffd5c0148 .text C:\Users\Kuba\Desktop\FRST64.exe[6756] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2489e0 8 bytes JMP 000007fffd5c01f0 .text C:\Users\Kuba\Desktop\FRST64.exe[6756] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe24be40 8 bytes JMP 000007fffd5c01b8 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000778113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077811544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000778118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077811ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077811bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077811d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077811e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077811f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077812248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000778126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077812712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007781276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000778127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077812b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077812be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000778130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077813248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000778137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000778138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077813a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077813fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077814061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000778140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077814216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077814254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000778144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000778146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077814773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077814867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077814986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077814ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077814b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077814d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077814f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077815007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000778151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077816006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000778161be 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000778163ac 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000778163ed 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077816404 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007781645c 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077816c26 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007785dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007785de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007785de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007785e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785f100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000778113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077811544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000778118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077811ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077811bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077811d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077811e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077811f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077812248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000778126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077812712 8 bytes {JMP 0x10} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007781276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000778127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077812b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077812be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000778130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077813248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000778137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000778138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077813a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077813fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077814061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000778140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077814216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077814254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000778144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000778146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077814773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077814867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077814986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077814ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077814b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077814d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077814f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077815007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000778151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077816006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000778161be 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000778163ac 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000778163ed 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077816404 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007781645c 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077816c26 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007785dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007785de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007785de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007785e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785f100 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6488] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000778113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077811544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000778118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077811ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077811bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077811d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077811e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077811f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077812248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000778126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077812712 8 bytes {JMP 0x10} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007781276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000778127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077812b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077812be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000778130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077813248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000778137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000778138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077813a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077813fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077814061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000778140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077814216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077814254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000778144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000778146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077814773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077814867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077814986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077814ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077814b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077814d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077814f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077815007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000778151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077816006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000778161be 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000778163ac 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000778163ed 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077816404 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007781645c 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077816c26 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007785dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007785de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007785de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007785e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785f100 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe[6584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000778113ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077811544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000778118ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077811ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077811bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077811d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077811e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077811f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077812248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000778126f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077812712 8 bytes {JMP 0x10} .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007781276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000778127d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077812b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077812be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000778130bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077813248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000778137c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000778138b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077813a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077813fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077814061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000778140d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077814216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077814254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000778144c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000778146ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077814773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077814867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077814986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077814ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077814b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077814d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077814f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077815007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000778151f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077816006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000778161be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000778163ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000778163ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077816404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007781645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077816c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007785dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007785de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007785de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007785e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785f100 8 bytes {JMP QWORD [RIP-0x484e0]} .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000774f1efe 7 bytes JMP 00000001710e4b10 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000774f5b9d 7 bytes JMP 00000001710e54b0 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000775013f9 7 bytes JMP 00000001710e4e50 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007750ea45 7 bytes JMP 00000001710e4b00 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077598ea4 7 bytes JMP 00000001710e45c0 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077598f29 5 bytes JMP 00000001710e4670 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077599281 5 bytes JMP 00000001710e45d0 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075771d29 5 bytes JMP 00000001710e4580 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075771dd7 5 bytes JMP 00000001710e4540 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075772ab1 5 bytes JMP 00000001710e4680 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075772d1d 5 bytes JMP 00000001710e4360 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007745e96b 5 bytes JMP 00000001710e3b60 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007745eba5 5 bytes JMP 00000001710e3b80 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076248a29 5 bytes JMP 00000001710e3a40 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076254572 5 bytes JMP 00000001710e42e0 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007626e567 5 bytes JMP 00000001710e4350 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762907d7 5 bytes JMP 00000001710e3850 .text C:\Users\Kuba\Desktop\7pubxq9c.exe[6752] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762a7a5c 5 bytes JMP 00000001710e42d0 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800799bf58] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00c2c60e5c76 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00c2c60e5c76@64899ac487df 0x74 0xA7 0x2C 0x7A ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00c2c60e5c76@fc58fa416bcc 0x30 0xCA 0x43 0x32 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\681729f39f6b Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00c2c60e5c76 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00c2c60e5c76@64899ac487df 0x74 0xA7 0x2C 0x7A ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00c2c60e5c76@fc58fa416bcc 0x30 0xCA 0x43 0x32 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\681729f39f6b (not active ControlSet) ---- Files - GMER 2.1 ---- File C:\Users\Kuba\AppData\Local\Mozilla\Firefox\Profiles\5qbnjlud.default\cache2\entries\FB184FF2A849AB537296A274D72F78227F432B2C 0 bytes ---- EOF - GMER 2.1 ----