GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-04-11 23:38:06 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000007a ATA_____ rev.0001 465,76GB Running: 13zhjnxv.exe; Driver: C:\Users\SZEWCO\AppData\Local\Temp\uwldapow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007772fb48 5 bytes JMP 000000006e3618dd .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777300d8 5 bytes JMP 000000006e361ed6 .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7525b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7525b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 752d9011 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 752348ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 752d890a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 752d8ae0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 752d8800 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 752d8bca C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7524fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75256907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 752d90c9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 752d8c2a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 752d87c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7524fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7525b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 752d8f8c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 752d8759 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7525b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7525b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 752d9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 752348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 752d890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 752d8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 752d8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 752d8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7524fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75256907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 752d90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 752d8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 752d87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7524fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7525b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 752d8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp[2444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 752d8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7525b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7525b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 752d9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 752348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 752d890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 752d8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 752d8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 752d8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7524fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75256907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 752d90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 752d8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 752d87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7524fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7525b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 752d8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DEFORM License Manager 2.1\LManager.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 752d8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7525b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7525b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076841431 2 bytes JMP 752d9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007684144a 2 bytes CALL 752348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 752d890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 752d8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 752d8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 752d8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7524fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076841555 2 bytes JMP 75256907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 752d90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 752d8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 752d87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7524fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7525b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 752d8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[3008] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 752d8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7525b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7525b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 752d9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 752348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 752d890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 752d8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 752d8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 752d8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7524fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75256907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 752d90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 752d8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 752d87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7524fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7525b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 752d8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 752d8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 8B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [8B, F3, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 8B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 8B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 8B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 8B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 8B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7525b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7525b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 752d9011 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 752348ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 752d890a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 752d8ae0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 752d8800 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 752d8bca C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7524fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75256907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 752d90c9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 752d8c2a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 752d87c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7524fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7525b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 752d8f8c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 752d8759 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, EB, ED, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes {JMP 0xffffffffffffffef} .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, EB, ED, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, EB, ED, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, EB, ED, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes {PUSH RAX; JMP 0xfffffffffffffff0} .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes {JMP 0xfffffffffffffff0} .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 7B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [7B, F5, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 7B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 7B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 7B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 7B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 7B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, AB, EB, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes {STOSD ; JMP 0x81} .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, AB, EB, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes {JO 0xffffffffffffffad; JMP 0x82} .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, AB, EB, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes {PUSH RAX; STOSD ; JMP 0x82} .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes {STOSD ; JMP 0x82} .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[3124] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [7B, ED, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 6B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [6B, F2, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 6B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 6B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 6B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 6B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 6B, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 5B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [5B, F5, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 5B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 5B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 5B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 5B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 5B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5396] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, AB, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [AB, F3, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, AB, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, AB, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, AB, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, AB, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, AB, F3, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, CB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [CB, EA, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, CB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, CB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, CB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, CB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, CB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 5B, F4, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [5B, F4, 7E, 00, 00, 00, 00] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 5B, F4, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 5B, F4, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 5B, F4, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 5B, F4, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 5B, F4, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7525b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7525b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 752d9011 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 752348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 752d890a C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 752d8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 752d8800 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 752d8bca C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7524fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75256907 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 752d90c9 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 752d8c2a C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 752d87c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7524fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7525b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 752d8f8c C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 752d8759 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 5B, EF, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [5B, EF, 7E, 00, 00, 00, 00] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 5B, EF, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 5B, EF, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 5B, EF, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 5B, EF, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 5B, EF, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7525b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7525b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 752d9011 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 752348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 752d890a C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 752d8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 752d8800 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 752d8bca C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7524fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75256907 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 752d90c9 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 752d8c2a C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 752d87c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7524fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7525b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 752d8f8c C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\Akamai\netsession_win.exe[7108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 752d8759 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, EB, F6, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes {JMP 0xfffffffffffffff8} .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, EB, F6, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, EB, F6, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, EB, F6, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes {PUSH RAX; JMP 0xfffffffffffffff9} .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes {JMP 0xfffffffffffffff9} .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Local\UpdateChecker\UpdateCheckerApp.exe[7116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, FB, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [FB, ED, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, FB, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, FB, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, FB, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, FB, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, FB, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7268] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 4B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [4B, ED, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 4B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 4B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 4B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 4B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 4B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7572] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, BB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [BB, EA, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, BB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, BB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, BB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, BB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, BB, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[7636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 1B, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [1B, F5, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 1B, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 1B, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 1B, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 1B, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 1B, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[7644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, CB, EE, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [CB, EE, 7E, 00, 00, 00, 00] .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, CB, EE, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, CB, EE, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, CB, EE, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, CB, EE, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, CB, EE, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7525b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7525b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 752d9011 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 752348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 752d890a C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 752d8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 752d8800 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 752d8bca C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7524fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75256907 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 752d90c9 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 752d8c2a C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 752d87c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7524fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7525b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 752d8f8c C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\AppData\Roaming\MXSkypeRec\MXSkypeRecorder.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 752d8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 7B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [7B, F0, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 7B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 7B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 7B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 7B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 7B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7525b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7525b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 752d9011 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 752348ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 752d890a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 752d8ae0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 752d8800 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 752d8bca C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7524fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75256907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 752d90c9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 752d8c2a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 752d87c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7524fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7525b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 752d8f8c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[7824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 752d8759 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 1B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [1B, F0, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 1B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 1B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 1B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 1B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 1B, F0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[7852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 5B, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [5B, EC, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 5B, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 5B, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 5B, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 5B, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 5B, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7525b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7525b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 752d9011 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 752348ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 752d890a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 752d8ae0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 752d8800 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 752d8bca C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7524fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75256907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 752d90c9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 752d8c2a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 752d87c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7524fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7525b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 752d8f8c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[7888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 752d8759 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 8B, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [8B, F6, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 8B, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 8B, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 8B, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 8B, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 8B, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7525b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7525b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 752d9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 752348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 752d890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 752d8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 752d8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 752d8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7524fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75256907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 752d90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 752d8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 752d87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7524fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7525b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 752d8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 752d8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000005b0011a8 2 bytes [00, 5B] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000005b00127d 2 bytes CALL 752314c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 000000005b001310 2 bytes CALL 752314c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000005b0013a8 2 bytes [00, 5B] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000005b001422 2 bytes [00, 5B] .text C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[4188] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000005b001498 2 bytes [00, 5B] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [7B, ED, 7E, 00, 00, 00, 00] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 7B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, 3B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [3B, ED, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, 3B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, 3B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, 3B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, 3B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, 3B, ED, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7525b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7525b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 752d9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 752348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 752d890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 752d8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 752d8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 752d8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7524fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75256907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 752d90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 752d8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 752d87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7524fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7525b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 752d8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 752d8759 C:\Windows\syswow64\kernel32.dll .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077531544 8 bytes [A0, AB, F6, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775318cf 7 bytes [AB, F6, 7E, 00, 00, 00, 00] .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077531ba8 8 bytes [80, AB, F6, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077531d25 8 bytes [70, AB, F6, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077531e8f 8 bytes [60, AB, F6, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077531f75 8 bytes [50, AB, F6, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775321d8 8 bytes [40, AB, F6, 7E, 00, 00, 00, ...] .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007757d480 8 bytes {JMP QWORD [RIP-0x4b761]} .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007757d600 8 bytes {JMP QWORD [RIP-0x4b777]} .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007757d630 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007757d750 8 bytes {JMP QWORD [RIP-0x4bbae]} .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007757d800 8 bytes {JMP QWORD [RIP-0x4bf38]} .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007757de30 8 bytes {JMP QWORD [RIP-0x4ba50]} .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007757e080 8 bytes {JMP QWORD [RIP-0x4beae]} .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007757e8e0 8 bytes {JMP QWORD [RIP-0x4c971]} .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\SZEWCO\Desktop\Usuwanie śmieci 11.04.2016\13zhjnxv.exe[9188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88015b90fb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\svchost.exe [428:5372] 000007fefb1dc2d4 Thread C:\Windows\system32\svchost.exe [428:5376] 000007fefb1dc2d4 Thread C:\Windows\system32\svchost.exe [428:5380] 000007fefb1dc2d4 Thread C:\Windows\system32\svchost.exe [428:5384] 000007fefb1dc2d4 Thread C:\Windows\system32\svchost.exe [428:5512] 000007fef80c5124 Thread C:\Windows\system32\svchost.exe [428:6384] 000007fee2756ed4 Thread C:\Windows\system32\svchost.exe [428:8268] 000007fee2756b8c Thread C:\Windows\System32\svchost.exe [4572:8812] 000007fedf6c5040 Thread C:\Windows\System32\svchost.exe [4572:8916] 000007fee5689688 ---- Services - GMER 2.2 ---- Service C:\Program Files (x86)\4C4C4544-1458381572-5710-8051-C3C04F304E31\jnso59E.tmp (*** hidden *** ) [AUTO] gerocyni <-- ROOTKIT !!! ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{6F6E230F-8D5B-4FD2-9598-F81FEA978D74}\Connection@Name isatap.{72BA5930-8346-4CC0-8D39-BB1CD23E4176} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{FF9FCAEA-ABAF-45F1-86D1-BFC307F054C9}\Connection@Name isatap.{162EC091-5445-4462-BC86-C3F1F2C80E63} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{4E705D7E-69EF-42AF-8A7B-07A25AC71FCA}?\Device\{6A494A47-C2F2-449D-A219-EC1EA1D66EF2}?\Device\{6F6E230F-8D5B-4FD2-9598-F81FEA978D74}?\Device\{FF9FCAEA-ABAF-45F1-86D1-BFC307F054C9}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{4E705D7E-69EF-42AF-8A7B-07A25AC71FCA}"?"{6A494A47-C2F2-449D-A219-EC1EA1D66EF2}"?"{6F6E230F-8D5B-4FD2-9598-F81FEA978D74}"?"{FF9FCAEA-ABAF-45F1-86D1-BFC307F054C9}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{4E705D7E-69EF-42AF-8A7B-07A25AC71FCA}?\Device\TCPIP6TUNNEL_{6A494A47-C2F2-449D-A219-EC1EA1D66EF2}?\Device\TCPIP6TUNNEL_{6F6E230F-8D5B-4FD2-9598-F81FEA978D74}?\Device\TCPIP6TUNNEL_{FF9FCAEA-ABAF-45F1-86D1-BFC307F054C9}? Reg HKLM\SYSTEM\CurrentControlSet\services\BITS@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\BITS Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38c5ec3c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38c5ec3c@0c715d8706c0 0xB3 0xD0 0x10 0xA2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38c5ec3c@103047cc2b40 0xE3 0x06 0x9F 0x7A ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38c5ec3c@88708c4e3375 0x6E 0xC1 0x8D 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{6F6E230F-8D5B-4FD2-9598-F81FEA978D74}@InterfaceName isatap.{72BA5930-8346-4CC0-8D39-BB1CD23E4176} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{6F6E230F-8D5B-4FD2-9598-F81FEA978D74}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{FF9FCAEA-ABAF-45F1-86D1-BFC307F054C9}@InterfaceName isatap.{162EC091-5445-4462-BC86-C3F1F2C80E63} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{FF9FCAEA-ABAF-45F1-86D1-BFC307F054C9}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\KLIF\Parameters@LastProcessedRevision 146323580 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x61 0x18 0x92 0xC3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0xEB 0xAD 0x18 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAB 0xCD 0x02 0xC4 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38c5ec3c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38c5ec3c@0c715d8706c0 0xB3 0xD0 0x10 0xA2 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38c5ec3c@103047cc2b40 0xE3 0x06 0x9F 0x7A ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38c5ec3c@88708c4e3375 0x6E 0xC1 0x8D 0x0E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x61 0x18 0x92 0xC3 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0xEB 0xAD 0x18 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAB 0xCD 0x02 0xC4 ... ---- EOF - GMER 2.2 ----