gmer Log Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-11-04 19:02:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 238,50GB
Running: Gmer-19357.exe; Driver: C:\Users\RN\AppData\Local\Temp\uxtdrpob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077211401 2 bytes JMP 7633b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077211419 2 bytes JMP 7633b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077211431 2 bytes JMP 763b8fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007721144a 2 bytes CALL 7631489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772114dd 2 bytes JMP 763b88c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772114f5 2 bytes JMP 763b8aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007721150d 2 bytes JMP 763b87ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077211525 2 bytes JMP 763b8b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007721153d 2 bytes JMP 7632fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077211555 2 bytes JMP 763368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007721156d 2 bytes JMP 763b9089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077211585 2 bytes JMP 763b8bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007721159d 2 bytes JMP 763b877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772115b5 2 bytes JMP 7632fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772115cd 2 bytes JMP 7633b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772116b2 2 bytes JMP 763b8f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772116bd 2 bytes JMP 763b8713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077211401 2 bytes JMP 7633b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077211419 2 bytes JMP 7633b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077211431 2 bytes JMP 763b8fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007721144a 2 bytes CALL 7631489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772114dd 2 bytes JMP 763b88c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772114f5 2 bytes JMP 763b8aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007721150d 2 bytes JMP 763b87ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077211525 2 bytes JMP 763b8b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007721153d 2 bytes JMP 7632fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077211555 2 bytes JMP 763368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007721156d 2 bytes JMP 763b9089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077211585 2 bytes JMP 763b8bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007721159d 2 bytes JMP 763b877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772115b5 2 bytes JMP 7632fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772115cd 2 bytes JMP 7633b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772116b2 2 bytes JMP 763b8f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772116bd 2 bytes JMP 763b8713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077211401 2 bytes JMP 7633b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077211419 2 bytes JMP 7633b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077211431 2 bytes JMP 763b8fd1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007721144a 2 bytes CALL 7631489d C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772114dd 2 bytes JMP 763b88c4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772114f5 2 bytes JMP 763b8aa0 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007721150d 2 bytes JMP 763b87ba C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077211525 2 bytes JMP 763b8b8a C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007721153d 2 bytes JMP 7632fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077211555 2 bytes JMP 763368ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007721156d 2 bytes JMP 763b9089 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077211585 2 bytes JMP 763b8bea C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007721159d 2 bytes JMP 763b877e C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772115b5 2 bytes JMP 7632fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772115cd 2 bytes JMP 7633b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772116b2 2 bytes JMP 763b8f4c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772116bd 2 bytes JMP 763b8713 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077211401 2 bytes JMP 7633b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077211419 2 bytes JMP 7633b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077211431 2 bytes JMP 763b8fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007721144a 2 bytes CALL 7631489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772114dd 2 bytes JMP 763b88c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772114f5 2 bytes JMP 763b8aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007721150d 2 bytes JMP 763b87ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077211525 2 bytes JMP 763b8b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007721153d 2 bytes JMP 7632fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077211555 2 bytes JMP 763368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007721156d 2 bytes JMP 763b9089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077211585 2 bytes JMP 763b8bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007721159d 2 bytes JMP 763b877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772115b5 2 bytes JMP 7632fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772115cd 2 bytes JMP 7633b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772116b2 2 bytes JMP 763b8f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772116bd 2 bytes JMP 763b8713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077211401 2 bytes JMP 7633b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077211419 2 bytes JMP 7633b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077211431 2 bytes JMP 763b8fd1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007721144a 2 bytes CALL 7631489d C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772114dd 2 bytes JMP 763b88c4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772114f5 2 bytes JMP 763b8aa0 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007721150d 2 bytes JMP 763b87ba C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077211525 2 bytes JMP 763b8b8a C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007721153d 2 bytes JMP 7632fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077211555 2 bytes JMP 763368ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007721156d 2 bytes JMP 763b9089 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077211585 2 bytes JMP 763b8bea C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007721159d 2 bytes JMP 763b877e C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772115b5 2 bytes JMP 7632fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772115cd 2 bytes JMP 7633b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772116b2 2 bytes JMP 763b8f4c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772116bd 2 bytes JMP 763b8713 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077211401 2 bytes JMP 7633b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077211419 2 bytes JMP 7633b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077211431 2 bytes JMP 763b8fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007721144a 2 bytes CALL 7631489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772114dd 2 bytes JMP 763b88c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772114f5 2 bytes JMP 763b8aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007721150d 2 bytes JMP 763b87ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077211525 2 bytes JMP 763b8b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007721153d 2 bytes JMP 7632fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077211555 2 bytes JMP 763368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007721156d 2 bytes JMP 763b9089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077211585 2 bytes JMP 763b8bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007721159d 2 bytes JMP 763b877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772115b5 2 bytes JMP 7632fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772115cd 2 bytes JMP 7633b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772116b2 2 bytes JMP 763b8f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772116bd 2 bytes JMP 763b8713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text |