GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-31 14:36:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a WDC_____ rev.03.0 931,51GB
Running: gr96dwem.exe; Driver: C:\Users\User\AppData\Local\Temp\pxldapow.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076aea3f0 7 bytes JMP 000000006fff0260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076af3f00 5 bytes JMP 000000006fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b0ffd0 5 bytes JMP 000000006fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b1f3f0 5 bytes JMP 000000006fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b49c80 7 bytes JMP 000000006fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b59710 5 bytes JMP 000000006fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b59880 5 bytes JMP 000000006fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076b78ab0 7 bytes JMP 000000006fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca032f0 7 bytes JMP 000007fefc9f00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca0aa60 5 bytes JMP 000007fefc9f0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca0ac00 5 bytes JMP 000007fefc9f0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefca19ac0 5 bytes JMP 000007fefc9f0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcfc8840 8 bytes JMP 000007fefc9f01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcfcb9f0 8 bytes JMP 000007fefc9f01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe966d10 11 bytes JMP 000007fefc9f0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1560] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe97b4f0 7 bytes JMP 000007fefc9f0260
.text C:\Windows\system32\Dwm.exe[1952] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca032f0 7 bytes JMP 000007fefc9f00d8
.text C:\Windows\system32\Dwm.exe[1952] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca0aa60 5 bytes JMP 000007fefc9f0180
.text C:\Windows\system32\Dwm.exe[1952] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca0ac00 5 bytes JMP 000007fefc9f0110
.text C:\Windows\system32\Dwm.exe[1952] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefca19ac0 5 bytes JMP 000007fefc9f0148
.text C:\Windows\system32\Dwm.exe[1952] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcfc8840 8 bytes JMP 000007fefc9f01f0
.text C:\Windows\system32\Dwm.exe[1952] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcfcb9f0 8 bytes JMP 000007fefc9f01b8
.text C:\Windows\system32\Dwm.exe[1952] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef823dc88 5 bytes JMP 000007fef80300d8
.text C:\Windows\system32\Dwm.exe[1952] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef823de10 5 bytes JMP 000007fef8030110
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000763b1401 2 bytes JMP 75a4b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000763b1419 2 bytes JMP 75a4b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000763b1431 2 bytes JMP 75ac9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000763b144a 2 bytes CALL 75a24885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000763b14dd 2 bytes JMP 75ac8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000763b14f5 2 bytes JMP 75ac8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000763b150d 2 bytes JMP 75ac8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000763b1525 2 bytes JMP 75ac8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000763b153d 2 bytes JMP 75a3fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000763b1555 2 bytes JMP 75a46907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000763b156d 2 bytes JMP 75ac9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000763b1585 2 bytes JMP 75ac8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000763b159d 2 bytes JMP 75ac88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000763b15b5 2 bytes JMP 75a3fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000763b15cd 2 bytes JMP 75a4b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000763b16b2 2 bytes JMP 75ac90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2712] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000763b16bd 2 bytes JMP 75ac8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763b1401 2 bytes JMP 75a4b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763b1419 2 bytes JMP 75a4b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763b1431 2 bytes JMP 75ac9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763b144a 2 bytes CALL 75a24885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763b14dd 2 bytes JMP 75ac8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763b14f5 2 bytes JMP 75ac8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763b150d 2 bytes JMP 75ac8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763b1525 2 bytes JMP 75ac8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763b153d 2 bytes JMP 75a3fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763b1555 2 bytes JMP 75a46907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763b156d 2 bytes JMP 75ac9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763b1585 2 bytes JMP 75ac8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763b159d 2 bytes JMP 75ac88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763b15b5 2 bytes JMP 75a3fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763b15cd 2 bytes JMP 75a4b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763b16b2 2 bytes JMP 75ac90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763b16bd 2 bytes JMP 75ac8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076aea3f0 7 bytes JMP 000000006fff0260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076af3f00 5 bytes JMP 000000006fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b0ffd0 5 bytes JMP 000000006fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b1f3f0 5 bytes JMP 000000006fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b49c80 7 bytes JMP 000000006fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b59710 5 bytes JMP 000000006fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b59880 5 bytes JMP 000000006fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076b78ab0 7 bytes JMP 000000006fff0228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca032f0 7 bytes JMP 000007fefc9f00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca0aa60 5 bytes JMP 000007fefc9f0180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca0ac00 5 bytes JMP 000007fefc9f0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefca19ac0 5 bytes JMP 000007fefc9f0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcfc8840 8 bytes JMP 000007fefc9f01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcfcb9f0 8 bytes JMP 000007fefc9f01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe966d10 11 bytes JMP 000007fefc9f0228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe97b4f0 7 bytes JMP 000007fefc9f0260
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21eee 7 bytes JMP 000000006f3416b3
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25b85 7 bytes JMP 000000006f3411cc
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31409 7 bytes JMP 000000006f3412a8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 000000006f341262
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b233 5 bytes JMP 000000006f3415c8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac90c4 7 bytes JMP 000000006f341357
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac9149 5 bytes JMP 000000006f3416f4
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac949f 5 bytes JMP 000000006f34101e
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076091e4c 5 bytes JMP 000000006f3411e5
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076091efa 5 bytes JMP 000000006f341019
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076092bdc 5 bytes JMP 000000006f341573
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076092e7e 5 bytes JMP 000000006f34128f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007557e757 5 bytes JMP 000000006f3415e1
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007557e991 5 bytes JMP 000000006f3411a9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076908a29 5 bytes JMP 000000006f341046
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076915645 5 bytes JMP 000000006f3410c8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007692f61f 5 bytes JMP 000000006f341433
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076967af4 5 bytes JMP 000000006f3415f0
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000755f5e75 5 bytes JMP 000000006f341618
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3068] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075629cbb 5 bytes JMP 000000006f34123f
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21eee 7 bytes JMP 000000006f3416b3
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25b85 7 bytes JMP 000000006f3411cc
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31409 7 bytes JMP 000000006f3412a8
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 000000006f341262
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b233 5 bytes JMP 000000006f3415c8
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac90c4 7 bytes JMP 000000006f341357
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac9149 5 bytes JMP 000000006f3416f4
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac949f 5 bytes JMP 000000006f34101e
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076091e4c 5 bytes JMP 000000006f3411e5
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076091efa 5 bytes JMP 000000006f341019
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076092bdc 5 bytes JMP 000000006f341573
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076092e7e 5 bytes JMP 000000006f34128f
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076908a29 5 bytes JMP 000000006f341046
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076915645 5 bytes JMP 000000006f3410c8
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007692f61f 5 bytes JMP 000000006f341433
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076967af4 5 bytes JMP 000000006f3415f0
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007557e757 5 bytes JMP 000000006f3415e1
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007557e991 5 bytes JMP 000000006f3411a9
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000755f5e75 5 bytes JMP 000000006f341618
.text C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe[2124] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075629cbb 5 bytes JMP 000000006f34123f
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076aea3f0 7 bytes JMP 000000006fff0260
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076af3f00 5 bytes JMP 000000006fff01b8
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b0ffd0 5 bytes JMP 000000006fff01f0
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b1f3f0 5 bytes JMP 000000006fff0148
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b49c80 7 bytes JMP 000000006fff00d8
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b59710 5 bytes JMP 000000006fff0180
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b59880 5 bytes JMP 000000006fff0110
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076b78ab0 7 bytes JMP 000000006fff0228
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca032f0 7 bytes JMP 000007fefc9f00d8
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca0aa60 5 bytes JMP 000007fefc9f0180
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca0ac00 5 bytes JMP 000007fefc9f0110
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefca19ac0 5 bytes JMP 000007fefc9f0148
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcfc8840 8 bytes JMP 000007fefc9f01f0
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcfcb9f0 8 bytes JMP 000007fefc9f01b8
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe966d10 11 bytes JMP 000007fefc9f0228
.text C:\Program Files\CCleaner\CCleaner64.exe[1436] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe97b4f0 7 bytes JMP 000007fefc9f0260
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21eee 7 bytes JMP 000000006f3416b3
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25b85 7 bytes JMP 000000006f3411cc
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31409 7 bytes JMP 000000006f3412a8
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 000000006f341262
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b233 5 bytes JMP 000000006f3415c8
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac90c4 7 bytes JMP 000000006f341357
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac9149 5 bytes JMP 000000006f3416f4
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac949f 5 bytes JMP 000000006f34101e
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076091e4c 5 bytes JMP 000000006f3411e5
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076091efa 5 bytes JMP 000000006f341019
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076092bdc 5 bytes JMP 000000006f341573
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076092e7e 5 bytes JMP 000000006f34128f
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000755f5e75 5 bytes JMP 000000006f341618
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075629cbb 5 bytes JMP 000000006f34123f
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007557e757 5 bytes JMP 000000006f3415e1
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007557e991 5 bytes JMP 000000006f3411a9
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076908a29 5 bytes JMP 000000006f341046
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076915645 5 bytes JMP 000000006f3410c8
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007692f61f 5 bytes JMP 000000006f341433
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076967af4 5 bytes JMP 000000006f3415f0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763b1401 2 bytes JMP 75a4b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763b1419 2 bytes JMP 75a4b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763b1431 2 bytes JMP 75ac9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763b144a 2 bytes CALL 75a24885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763b14dd 2 bytes JMP 75ac8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763b14f5 2 bytes JMP 75ac8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763b150d 2 bytes JMP 75ac8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763b1525 2 bytes JMP 75ac8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763b153d 2 bytes JMP 75a3fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763b1555 2 bytes JMP 75a46907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763b156d 2 bytes JMP 75ac9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763b1585 2 bytes JMP 75ac8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763b159d 2 bytes JMP 75ac88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763b15b5 2 bytes JMP 75a3fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763b15cd 2 bytes JMP 75a4b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763b16b2 2 bytes JMP 75ac90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763b16bd 2 bytes JMP 75ac8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21eee 7 bytes JMP 000000006f3416b3
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25b85 7 bytes JMP 000000006f3411cc
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31409 7 bytes JMP 000000006f3412a8
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 000000006f341262
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b233 5 bytes JMP 000000006f3415c8
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac90c4 7 bytes JMP 000000006f341357
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac9149 5 bytes JMP 000000006f3416f4
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac949f 5 bytes JMP 000000006f34101e
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076091e4c 5 bytes JMP 000000006f3411e5
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076091efa 5 bytes JMP 000000006f341019
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076092bdc 5 bytes JMP 000000006f341573
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076092e7e 5 bytes JMP 000000006f34128f
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007557e757 5 bytes JMP 000000006f3415e1
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007557e991 5 bytes JMP 000000006f3411a9
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076908a29 5 bytes JMP 000000006f341046
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076915645 5 bytes JMP 000000006f3410c8
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007692f61f 5 bytes JMP 000000006f341433
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076967af4 5 bytes JMP 000000006f3415f0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000755f5e75 5 bytes JMP 000000006f341618
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2480] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075629cbb 5 bytes JMP 000000006f34123f
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21eee 7 bytes JMP 000000006f3416b3
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25b85 7 bytes JMP 000000006f3411cc
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31409 7 bytes JMP 000000006f3412a8
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 000000006f341262
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b233 5 bytes JMP 000000006f3415c8
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac90c4 7 bytes JMP 000000006f341357
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac9149 5 bytes JMP 000000006f3416f4
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac949f 5 bytes JMP 000000006f34101e
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076091e4c 5 bytes JMP 000000006f3411e5
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076091efa 5 bytes JMP 000000006f341019
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076092bdc 5 bytes JMP 000000006f341573
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076092e7e 5 bytes JMP 000000006f34128f
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076908a29 5 bytes JMP 000000006f341046
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076915645 5 bytes JMP 000000006f3410c8
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007692f61f 5 bytes JMP 000000006f341433
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076967af4 5 bytes JMP 000000006f3415f0
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007557e757 5 bytes JMP 000000006f3415e1
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007557e991 5 bytes JMP 000000006f3411a9
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000755f5e75 5 bytes JMP 000000006f341618
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2828] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075629cbb 5 bytes JMP 000000006f34123f
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3380] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076aea3f0 7 bytes JMP 000000006fff0260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3380] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076af3f00 5 bytes JMP 000000006fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3380] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b0ffd0 5 bytes JMP 000000006fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3380] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b1f3f0 5 bytes JMP 000000006fff0148
.text
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3380] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b49c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3380] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b59710 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3380] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b59880 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3380] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076b78ab0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca032f0 7 bytes JMP 000007fefc9f00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3380] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca0aa60 5 bytes JMP 000007fefc9f0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca0ac00 5 bytes JMP 000007fefc9f0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefca19ac0 5 bytes JMP 000007fefc9f0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3380] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcfc8840 8 bytes JMP 000007fefc9f01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3380] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcfcb9f0 8 bytes JMP 000007fefc9f01b8 .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000076effc60 5 bytes JMP 000000007ef92eb4 .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21eee 7 bytes JMP 000000006f3416b3 .text C:\Windows\SysWOW64\msiexec.exe[3408] 
C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b233 5 bytes JMP 000000006f3415c8 .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac90c4 7 bytes JMP 000000006f341357 .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac9149 5 bytes JMP 000000006f3416f4 .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac949f 5 bytes JMP 000000006f34101e .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076091e4c 5 bytes JMP 000000006f3411e5 .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076091efa 5 bytes JMP 000000006f341019 .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076092bdc 5 bytes JMP 000000006f341573 .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076092e7e 5 bytes JMP 000000006f34128f .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076908a29 5 bytes JMP 000000006f341046 .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076915645 5 bytes JMP 000000006f3410c8 .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007692f61f 5 bytes JMP 000000006f341433 .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076967af4 5 bytes JMP 000000006f3415f0 .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007557e757 5 bytes JMP 000000006f3415e1 .text C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007557e991 5 bytes JMP 000000006f3411a9 .text 
C:\Windows\SysWOW64\msiexec.exe[3408] C:\Windows\syswow64\ws2_32.dll!GetAddrInfoW 00000000765c4889 5 bytes JMP 0000000000421370 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21eee 7 bytes JMP 000000006f3416b3 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25b85 7 bytes JMP 000000006f3411cc .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31409 7 bytes JMP 000000006f3412a8 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 000000006f341262 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b233 5 bytes JMP 000000006f3415c8 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac90c4 7 bytes JMP 000000006f341357 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac9149 5 bytes JMP 000000006f3416f4 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac949f 5 bytes JMP 000000006f34101e .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076091e4c 5 bytes JMP 000000006f3411e5 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076091efa 5 bytes JMP 000000006f341019 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] 
C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076092bdc 5 bytes JMP 000000006f341573 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076092e7e 5 bytes JMP 000000006f34128f .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007557e757 5 bytes JMP 000000006f3415e1 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007557e991 5 bytes JMP 000000006f3411a9 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076908a29 5 bytes JMP 000000006f341046 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076915645 5 bytes JMP 000000006f3410c8 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007692f61f 5 bytes JMP 000000006f341433 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076967af4 5 bytes JMP 000000006f3415f0 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000755f5e75 5 bytes JMP 000000006f341618 .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[4284] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075629cbb 5 bytes JMP 000000006f34123f .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076aea3f0 7 bytes JMP 000000006fff0260 .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076af3f00 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\igfxEM.exe[5072] 
C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b0ffd0 5 bytes JMP 000000006fff01f0 .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b1f3f0 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b49c80 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b59710 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b59880 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076b78ab0 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca032f0 7 bytes JMP 000007fefc9f00d8 .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca0aa60 5 bytes JMP 000007fefc9f0180 .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca0ac00 5 bytes JMP 000007fefc9f0110 .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefca19ac0 5 bytes JMP 000007fefc9f0148 .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcfc8840 8 bytes JMP 000007fefc9f01f0 .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcfcb9f0 8 bytes JMP 000007fefc9f01b8 .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe966d10 11 bytes JMP 000007fefc9f0228 .text C:\Windows\system32\igfxEM.exe[5072] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe97b4f0 7 bytes JMP 000007fefc9f0260 .text C:\Program Files (x86)\Microsoft 
Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, DE, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, DE, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, DE, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, DE, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, DE, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, DE, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, DD, F6, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21eee 7 bytes JMP 000000006f3416b3 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25b85 7 bytes JMP 000000006f3411cc .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075a28769 5 bytes JMP 00000000608e50c3 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31409 7 bytes JMP 000000006f3412a8 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 000000006f341262 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b233 5 bytes JMP 000000006f3415c8 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac90c4 7 bytes JMP 000000006f341357 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac9149 5 bytes JMP 000000006f3416f4 .text C:\Program Files (x86)\Microsoft 
Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac949f 5 bytes JMP 000000006f34101e .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076091e4c 5 bytes JMP 000000006f3411e5 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076091efa 5 bytes JMP 000000006f341019 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076092bdc 5 bytes JMP 000000006f341573 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076092e7e 5 bytes JMP 000000006f34128f .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007557e757 5 bytes JMP 000000006f3415e1 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007557e991 5 bytes JMP 000000006f3411a9 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076908a29 5 bytes JMP 000000006f341046 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076915645 5 bytes JMP 000000006f3410c8 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007692f61f 5 bytes JMP 000000006f341433 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076967af4 5 bytes JMP 000000006f3415f0 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000755e6113 5 bytes JMP 
00000000613a59ee .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076693f18 5 bytes JMP 000000006091b071 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076694513 5 bytes JMP 0000000060911003 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000766947c1 5 bytes JMP 000000006094b64a .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076695d6d 5 bytes JMP 000000006094c6b2 ? C:\Windows\system32\mssprxy.dll [5460] entry point in ".rdata" section 00000000633771e6 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763b1401 2 bytes JMP 75a4b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763b1419 2 bytes JMP 75a4b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763b1431 2 bytes JMP 75ac9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763b144a 2 bytes CALL 75a24885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763b14dd 2 bytes JMP 75ac8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763b14f5 2 bytes JMP 75ac8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763b150d 2 bytes JMP 75ac8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763b1525 2 bytes JMP 75ac8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763b153d 2 bytes JMP 75a3fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763b1555 2 bytes JMP 75a46907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763b156d 2 bytes JMP 75ac9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763b1585 2 bytes JMP 75ac8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763b159d 2 bytes JMP 75ac88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763b15b5 2 bytes JMP 75a3fd59 C:\Windows\syswow64\kernel32.dll .text 
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763b15cd 2 bytes JMP 75a4b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763b16b2 2 bytes JMP 75ac90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763b16bd 2 bytes JMP 75ac8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5460] C:\Program Files (x86)\Common Files\SYSTEM\MSMAPI\1045\MSMAPI32.DLL!HrDispatchNotifications@4 + 112 0000000077061b80 4 bytes [CB, 4A, DD, 2C] .text C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe[4156] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076aea3f0 7 bytes JMP 000000006fff0260 .text C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe[4156] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076af3f00 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe[4156] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b0ffd0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe[4156] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b1f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe[4156] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b49c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe[4156] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b59710 5 bytes JMP 000000006fff0180 .text C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe[4156] 
C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b59880 5 bytes JMP 000000006fff0110 .text C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe[4156] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076b78ab0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe[4156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca032f0 7 bytes JMP 000007fefc9f00d8 .text C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe[4156] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca0aa60 5 bytes JMP 000007fefc9f0180 .text C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe[4156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca0ac00 5 bytes JMP 000007fefc9f0110 .text C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe[4156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefca19ac0 5 bytes JMP 000007fefc9f0148 .text C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe[4156] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcfc8840 8 bytes JMP 000007fefc9f01f0 .text C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe[4156] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcfcb9f0 8 bytes JMP 000007fefc9f01b8 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, 9E, F5, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, 9E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 9E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 9E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 9E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 9E, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, 9D, F5, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4060] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, 8E, F3, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, 8E, F3, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 8E, F3, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 8E, F3, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 8E, F3, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 8E, F3, 7E, 00, 00, 00, ...] 
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, 8D, F3, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075a21eee 7 bytes JMP 000000006f3416b3 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075a25b85 7 bytes JMP 000000006f3411cc .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075a31409 7 bytes JMP 000000006f3412a8 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 000000006f341262 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000075a4b233 5 bytes JMP 000000006f3415c8 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075ac90c4 7 bytes JMP 000000006f341357 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075ac9149 5 bytes JMP 000000006f3416f4 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075ac949f 5 bytes JMP 000000006f34101e .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076091e4c 5 bytes JMP 000000006f3411e5 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076091efa 5 bytes JMP 000000006f341019 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076092bdc 5 bytes JMP 
000000006f341573 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076092e7e 5 bytes JMP 000000006f34128f .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076908a29 5 bytes JMP 000000006f341046 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076915645 5 bytes JMP 000000006f3410c8 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007692f61f 5 bytes JMP 000000006f341433 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076967af4 5 bytes JMP 000000006f3415f0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007557e757 5 bytes JMP 000000006f3415e1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007557e991 5 bytes JMP 000000006f3411a9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000755f5e75 5 bytes JMP 000000006f341618 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5952] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075629cbb 5 bytes JMP 000000006f34123f .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, 0E, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, 0E, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 0E, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 0E, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 0E, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 0E, F4, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, 0D, F4, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21eee 7 bytes JMP 000000006f3416b3 .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25b85 7 bytes JMP 000000006f3411cc .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31409 7 bytes JMP 000000006f3412a8 .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 000000006f341262 .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b233 5 bytes JMP 000000006f3415c8 .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac90c4 7 bytes JMP 000000006f341357 .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac9149 5 bytes JMP 000000006f3416f4 .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac949f 5 bytes JMP 000000006f34101e .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076091e4c 5 bytes JMP 000000006f3411e5 .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076091efa 5 bytes JMP 000000006f341019 .text C:\Program Files (x86)\Common 
Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076092bdc 5 bytes JMP 000000006f341573 .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076092e7e 5 bytes JMP 000000006f34128f .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000755f5e75 5 bytes JMP 000000006f341618 .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075629cbb 5 bytes JMP 000000006f34123f .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007557e757 5 bytes JMP 000000006f3415e1 .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007557e991 5 bytes JMP 000000006f3411a9 .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076908a29 5 bytes JMP 000000006f341046 .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076915645 5 bytes JMP 000000006f3410c8 .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007692f61f 5 bytes JMP 000000006f341433 .text C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe[6788] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076967af4 5 bytes JMP 000000006f3415f0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 
0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes {PUSH RAX; JMP 0x106} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes {JMP 0x106} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 4E, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 4E, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 4E, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 4E, E9, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes {JMP 0x106} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3988] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, 5E, F4, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, 5E, F4, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 5E, F4, FF, 00, 00, 00, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 5E, F4, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 5E, F4, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 5E, F4, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, 5D, F4, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes JMP 3f3f3f3f .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[1696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, 3E, EA, FF, 00, 00, 00, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, 3E, EA, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 3E, EA, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 3E, EA, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 3E, EA, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 3E, EA, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, 3D, EA, FF, 00, 00, 00, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes JMP 3f3f3f3f .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe[4296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, 0E, EE, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, 0E, EE, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 0E, EE, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 0E, EE, 7E, 00, 00, 00, ...] 
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 0E, EE, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 0E, EE, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, 0D, EE, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files\Intel\Intel(R) Rapid Storage 
Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, 3D, EA, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6356] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, 3E, EA, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, 3D, EA, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, 5E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, 5E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 5E, F2, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 5E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 5E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 5E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, 5D, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes {JMP QWORD 
[RIP-0x4b401]} .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21eee 7 bytes JMP 000000006f3416b3 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25b85 7 bytes JMP 000000006f3411cc .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31409 7 bytes JMP 000000006f3412a8 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 000000006f341262 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b233 5 bytes JMP 000000006f3415c8 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac90c4 7 bytes JMP 000000006f341357 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac9149 5 bytes JMP 000000006f3416f4 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac949f 5 bytes JMP 000000006f34101e .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076091e4c 5 bytes JMP 000000006f3411e5 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076091efa 5 bytes JMP 000000006f341019 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076092bdc 5 bytes JMP 000000006f341573 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076092e7e 5 bytes JMP 000000006f34128f .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] 
C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000755f5e75 5 bytes JMP 000000006f341618 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075629cbb 5 bytes JMP 000000006f34123f .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007557e757 5 bytes JMP 000000006f3415e1 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007557e991 5 bytes JMP 000000006f3411a9 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076908a29 5 bytes JMP 000000006f341046 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076915645 5 bytes JMP 000000006f3410c8 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007692f61f 5 bytes JMP 000000006f341433 .text C:\Program Files (x86)\BurnAware Free\DataDisc.exe[3872] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076967af4 5 bytes JMP 000000006f3415f0 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, 6E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, 6E, F2, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 6E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 6E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 6E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 6E, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, 6D, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files 
(x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21eee 7 bytes JMP 000000006f3416b3 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25b85 7 bytes JMP 000000006f3411cc .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31409 7 bytes JMP 000000006f3412a8 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 000000006f341262 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b233 5 bytes JMP 000000006f3415c8 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac90c4 7 bytes JMP 000000006f341357 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac9149 5 bytes JMP 000000006f3416f4 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac949f 5 bytes JMP 000000006f34101e .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076091e4c 5 bytes JMP 000000006f3411e5 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076091efa 5 bytes JMP 000000006f341019 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076092bdc 5 bytes JMP 000000006f341573 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076092e7e 5 bytes JMP 
000000006f34128f .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\user32.DLL!CreateWindowExW 0000000076908a29 5 bytes JMP 000000006f341046 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000076915645 5 bytes JMP 000000006f3410c8 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesW 000000007692f61f 5 bytes JMP 000000006f341433 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 0000000076967af4 5 bytes JMP 000000006f3415f0 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007557e757 5 bytes JMP 000000006f3415e1 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[5624] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007557e991 5 bytes JMP 000000006f3411a9 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, 7E, E9, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, 7E, E9, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 7E, E9, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 7E, E9, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 7E, E9, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 7E, E9, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, 7D, E9, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21eee 7 bytes JMP 000000006f3416b3 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25b85 7 bytes JMP 000000006f3411cc .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31409 7 bytes JMP 000000006f3412a8 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 000000006f341262 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b233 5 bytes JMP 000000006f3415c8 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac90c4 7 bytes JMP 000000006f341357 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac9149 5 bytes JMP 000000006f3416f4 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac949f 5 bytes JMP 000000006f34101e .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076091e4c 5 bytes JMP 000000006f3411e5 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076091efa 5 bytes JMP 000000006f341019 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076092bdc 5 bytes JMP 000000006f341573 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076092e7e 5 bytes JMP 
000000006f34128f .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\user32.DLL!CreateWindowExW 0000000076908a29 5 bytes JMP 000000006f341046 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000076915645 5 bytes JMP 000000006f3410c8 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesW 000000007692f61f 5 bytes JMP 000000006f341433 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 0000000076967af4 5 bytes JMP 000000006f3415f0 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007557e757 5 bytes JMP 000000006f3415e1 .text C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe[6712] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007557e991 5 bytes JMP 000000006f3411a9 .text C:\Windows\splwow64.exe[7144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca032f0 7 bytes JMP 000007fefc9f00d8 .text C:\Windows\splwow64.exe[7144] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca0aa60 5 bytes JMP 000007fefc9f0180 .text C:\Windows\splwow64.exe[7144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca0ac00 5 bytes JMP 000007fefc9f0110 .text C:\Windows\splwow64.exe[7144] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefca19ac0 5 bytes JMP 000007fefc9f0148 .text C:\Windows\splwow64.exe[7144] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcfc8840 8 bytes JMP 000007fefc9f01f0 .text C:\Windows\splwow64.exe[7144] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcfcb9f0 8 bytes JMP 000007fefc9f01b8 .text C:\Windows\splwow64.exe[7144] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe966d10 11 bytes JMP 000007fefc9f0228 .text C:\Windows\splwow64.exe[7144] 
C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe97b4f0 7 bytes JMP 000007fefc9f0260 .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, 0E, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, 0E, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 0E, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 0E, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 0E, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 0E, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, 0D, F3, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, 8E, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, 8E, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 8E, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 8E, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 8E, E9, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 8E, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, 8D, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe[3796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076d01234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d012df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d01434 8 bytes [50, 9E, EA, 7E, 00, 00, 00, ...] .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d017be 8 bytes [40, 9E, EA, 7E, 00, 00, 00, ...] .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d01a94 8 bytes [30, 9E, EA, 7E, 00, 00, 00, ...] .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d01c15 8 bytes [20, 9E, EA, 7E, 00, 00, 00, ...] .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d01d7f 8 bytes [10, 9E, EA, 7E, 00, 00, 00, ...] 
.text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d01e65 8 bytes [00, 9E, EA, 7E, 00, 00, 00, ...] .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076d020c8 8 bytes [F0, 9D, EA, 7E, 00, 00, 00, ...] .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d4be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d4bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d4bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d4c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d4c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d4c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d4ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d4d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000746b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000746b146b 8 bytes {JMP 0xffffffffffffffb0} .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000746b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000746b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000746b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\programy\gr96dwem.exe[6580] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000746b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21eee 7 bytes JMP 000000006f3416b3 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25b85 7 bytes JMP 000000006f3411cc .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31409 7 bytes JMP 000000006f3412a8 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 000000006f341262 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b233 5 bytes JMP 000000006f3415c8 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac90c4 7 bytes JMP 000000006f341357 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac9149 5 bytes JMP 000000006f3416f4 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac949f 5 bytes JMP 000000006f34101e .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076091e4c 5 bytes JMP 000000006f3411e5 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076091efa 5 bytes JMP 000000006f341019 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076092bdc 5 bytes JMP 000000006f341573 .text D:\programy\gr96dwem.exe[6580] 
C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076092e7e 5 bytes JMP 000000006f34128f .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007557e757 5 bytes JMP 000000006f3415e1 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007557e991 5 bytes JMP 000000006f3411a9 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076908a29 5 bytes JMP 000000006f341046 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076915645 5 bytes JMP 000000006f3410c8 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007692f61f 5 bytes JMP 000000006f341433 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076967af4 5 bytes JMP 000000006f3415f0 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000755f5e75 5 bytes JMP 000000006f341618 .text D:\programy\gr96dwem.exe[6580] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075629cbb 5 bytes JMP 000000006f34123f ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88003750948] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\system32\AUDIODG.EXE[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\system32\AUDIODG.EXE[ntdll.dll!NtAlpcSendWaitReceivePort] [76eb0000] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\System32\kernel32.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\System32\KERNELBASE.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\System32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [76eb0000] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ 
C:\Windows\System32\RPCRT4.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\System32\USER32.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\System32\GDI32.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\System32\ole32.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [76eb0000] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\system32\CRYPTBASE.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\system32\RpcRtRemote.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\system32\ntmarta.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\system32\CRYPTSP.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\system32\rsaenh.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\System32\audioses.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [76eb0000] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\System32\AVRT.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\System32\AVRT.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [76eb0000] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\system32\SETUPAPI.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\System32\CRYPT32.dll[ntdll.dll!NtClose] [76eb0010] IAT C:\Windows\system32\AUDIODG.EXE[1272] @ C:\Windows\system32\WS2_32.dll[ntdll.dll!NtClose] [76eb0010] ---- Threads - GMER 2.2 ---- Thread C:\Windows\SysWOW64\msiexec.exe [3408:3576] 
000000007ef92f31
---- Files - GMER 2.2 ----
File C:\ProgramData\Microsoft\Windows Defender\Scans\FailTelemetry 0 bytes
---- EOF - GMER 2.2 ----