Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 8: PUP.Optional.Trovi.A

Windows 8: PUP.Optional.Trovi.A


Log-Analyse und Auswertung: Windows 8: PUP.Optional.Trovi.A

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 16.04.2015, 22:59   #1
Sabine74
 
Windows 8: PUP.Optional.Trovi.A - Standard

Windows 8: PUP.Optional.Trovi.A


GMER.txt (Teil 1)
Code:
ATTFilter

	
Code: 

 
ATTFilter


  

	

	
Code: 

 
ATTFilter


  

	
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-16 23:40:49
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000031 WDC_WD10JPVT-75A1YT0 rev.01.01A01 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\awdiypow.sys


---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                  00007ffa84b83e10 7 bytes JMP 00007ffb825a02d0
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW                                                                                         00007ffa84b83e20 7 bytes JMP 00007ffb825a0308
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW                                                                                           00007ffa84c339b0 7 bytes JMP 00007ffb825a03b0
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW                                                                                          00007ffa84c33ef0 7 bytes JMP 00007ffb825a0340
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA                                                                                           00007ffa84c33fe0 7 bytes JMP 00007ffb825a0378
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                  00007ffa84c606c0 7 bytes JMP 00007ffb825a0228
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                    00007ffa84c60730 7 bytes JMP 00007ffb825a0298
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW                                                                                  00007ffa84c60760 7 bytes JMP 00007ffb825a0260
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary                                                                                            00007ffa825b21d0 5 bytes JMP 00007ffb825a0180
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW                                                                                       00007ffa825b29d0 7 bytes JMP 00007ffb825a00d8
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                     00007ffa825b4310 5 bytes JMP 00007ffb825a0110
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW                                                                                         00007ffa825b8d80 5 bytes JMP 00007ffb825a0148
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\USER32.dll!CreateWindowExW                                                                                            00007ffa82b66d90 10 bytes JMP 00007ffb825a0490
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW                                                                                        00007ffa82b774a0 5 bytes JMP 00007ffb825a0458
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                 00007ffa82b77560 1 byte JMP 00007ffb825a03e8
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2                                                                             00007ffa82b77562 7 bytes {JMP 0xffffffffffa28e88}
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA                                                                                        00007ffa82b86b10 5 bytes JMP 00007ffb825a0420
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                    00007ffa83051500 8 bytes JMP 00007ffb825a01b8
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                      00007ffa83051750 8 bytes JMP 00007ffb825a01f0
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory                                                                                            00007ffa7f837750 5 bytes JMP 00007ffb7f6800d8
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1                                                                                           00007ffa7f838ee0 5 bytes JMP 00007ffb7f680110
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                      00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                          00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                      00007ffa85065206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                            00007ffa850653ff 8 bytes {JMP 0xffffffffffffffee}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                       00007ffa8506579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                              00007ffa85065954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                         00007ffa85065ef1 8 bytes {JMP 0xffffffffffffff9e}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78            00007ffa85065f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399                                        00007ffa850660ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977                 00007ffa850664d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310                                          00007ffa85066616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491                                          00007ffa850666cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359                               00007ffa85068397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67                                    00007ffa85068a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864                                   00007ffa85068d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143                                    00007ffa85068e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510                                       00007ffa850690ae 8 bytes {JMP 0xffffffffffffff96}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715                                       00007ffa8506917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772                                         00007ffa85069d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrAddRefDll + 685                                             00007ffa85069fcd 8 bytes {JMP 0xffffffffffffffaf}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 352                                        00007ffa8506aae0 8 bytes {JMP 0xffffffffffffffcd}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 488                                        00007ffa8506ab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetVersion + 565                                            00007ffa8506b2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78                                       00007ffa8506b33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 311                                             00007ffa8506c4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 528                                             00007ffa8506c5b0 8 bytes {JMP 0xffffffffffffffc7}
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579                        00007ffa8506d0d3 8 bytes {JMP 0xffffffffffffffef}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47                       00007ffa8506d10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495                                        00007ffa8506d57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43                                        00007ffa8506d6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456                                       00007ffa8506d888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!TpReleaseWait + 180                                            00007ffa8506d944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterWait + 596                                          00007ffa8506dba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWait + 424                                              00007ffa8506dd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 771                                              00007ffa8506e073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948                                              00007ffa8506e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48                                    00007ffa8506e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756                                              00007ffa8506eb74 8 bytes {JMP 0xffffffffffffffd0}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371                                   00007ffa8506fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556                                      00007ffa8507009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171                                           00007ffa8507015b 8 bytes [70, 6C, 48, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744                           00007ffa85071438 8 bytes [40, 6C, 48, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214                                   00007ffa850715e6 8 bytes [30, 6C, 48, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567                                  00007ffa85071877 8 bytes [20, 6C, 48, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429                                 00007ffa85071a2d 8 bytes [10, 6C, 48, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213                                    00007ffa85071c35 8 bytes [00, 6C, 48, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                         00007ffa850e1290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                       00007ffa850e1410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                             00007ffa850e1440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                           00007ffa850e1560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                               00007ffa850e1610 8 bytes {JMP QWORD [RIP-0x71122]}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                               00007ffa850e1cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                             00007ffa850e1fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                             00007ffa850e2850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                         00000000776313f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                         0000000077631583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                               0000000077631621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                         0000000077631674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                     00000000776316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                 00000000776316e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                0000000077631727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 7
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                               00000000776325d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                           0000000077632714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529                             0000000077632961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595                                        0000000077632bd3 8 bytes [DC, 6A, 48, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                  00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                      00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                  00007ffa85065206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                        00007ffa850653ff 8 bytes {JMP 0xffffffffffffffee}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                   00007ffa8506579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                          00007ffa85065954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                     00007ffa85065ef1 8 bytes {JMP 0xffffffffffffff9e}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78        00007ffa85065f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399                                    00007ffa850660ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977             00007ffa850664d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310                                      00007ffa85066616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491                                      00007ffa850666cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359                           00007ffa85068397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67                                00007ffa85068a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864                               00007ffa85068d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143                                00007ffa85068e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510                                   00007ffa850690ae 8 bytes {JMP 0xffffffffffffff96}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715                                   00007ffa8506917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772                                     00007ffa85069d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrAddRefDll + 685                                         00007ffa85069fcd 8 bytes {JMP 0xffffffffffffffaf}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 352                                    00007ffa8506aae0 8 bytes {JMP 0xffffffffffffffcd}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 488                                    00007ffa8506ab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetVersion + 565                                        00007ffa8506b2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78                                   00007ffa8506b33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 311                                         00007ffa8506c4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 528                                         00007ffa8506c5b0 8 bytes {JMP 0xffffffffffffffc7}
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579                    00007ffa8506d0d3 8 bytes {JMP 0xffffffffffffffef}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47                   00007ffa8506d10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495                                    00007ffa8506d57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43                                    00007ffa8506d6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456                                   00007ffa8506d888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!TpReleaseWait + 180                                        00007ffa8506d944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterWait + 596                                      00007ffa8506dba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWait + 424                                          00007ffa8506dd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 771                                          00007ffa8506e073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948                                          00007ffa8506e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48                                00007ffa8506e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756                                          00007ffa8506eb74 8 bytes {JMP 0xffffffffffffffd0}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371                               00007ffa8506fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556                                  00007ffa8507009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171                                       00007ffa8507015b 8 bytes [70, 6C, 95, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744                       00007ffa85071438 8 bytes [40, 6C, 95, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214                               00007ffa850715e6 8 bytes [30, 6C, 95, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567                              00007ffa85071877 8 bytes [20, 6C, 95, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429                             00007ffa85071a2d 8 bytes [10, 6C, 95, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213                                00007ffa85071c35 8 bytes [00, 6C, 95, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                     00007ffa850e1290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                   00007ffa850e1410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                         00007ffa850e1440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                       00007ffa850e1560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                           00007ffa850e1610 8 bytes {JMP QWORD [RIP-0x71122]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                           00007ffa850e1cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                         00007ffa850e1fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                         00007ffa850e2850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                     00000000776313f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                     0000000077631583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                           0000000077631621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                     0000000077631674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                 00000000776316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                             00000000776316e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                            0000000077631727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 7
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                           00000000776325d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                       0000000077632714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529                         0000000077632961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[2632] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595                                    0000000077632bd3 8 bytes [DC, 6A, 95, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                               00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                   00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                               00007ffa85065206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                     00007ffa850653ff 8 bytes {JMP 0xffffffffffffffee}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                00007ffa8506579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                       00007ffa85065954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                  00007ffa85065ef1 8 bytes {JMP 0xffffffffffffff9e}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                     00007ffa85065f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399                                                 00007ffa850660ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977                          00007ffa850664d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310                                                   00007ffa85066616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491                                                   00007ffa850666cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359                                        00007ffa85068397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67                                             00007ffa85068a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864                                            00007ffa85068d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143                                             00007ffa85068e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510                                                00007ffa850690ae 8 bytes {JMP 0xffffffffffffff96}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715                                                00007ffa8506917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772                                                  00007ffa85069d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrAddRefDll + 685                                                      00007ffa85069fcd 8 bytes {JMP 0xffffffffffffffaf}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 352                                                 00007ffa8506aae0 8 bytes {JMP 0xffffffffffffffcd}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 488                                                 00007ffa8506ab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetVersion + 565                                                     00007ffa8506b2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78                                                00007ffa8506b33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 311                                                      00007ffa8506c4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 528                                                      00007ffa8506c5b0 8 bytes {JMP 0xffffffffffffffc7}
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579                                 00007ffa8506d0d3 8 bytes {JMP 0xffffffffffffffef}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47                                00007ffa8506d10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495                                                 00007ffa8506d57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43                                                 00007ffa8506d6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456                                                00007ffa8506d888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!TpReleaseWait + 180                                                     00007ffa8506d944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterWait + 596                                                   00007ffa8506dba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWait + 424                                                       00007ffa8506dd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 771                                                       00007ffa8506e073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948                                                       00007ffa8506e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48                                             00007ffa8506e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756                                                       00007ffa8506eb74 8 bytes {JMP 0xffffffffffffffd0}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371                                            00007ffa8506fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556                                               00007ffa8507009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171                                                    00007ffa8507015b 8 bytes [70, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744                                    00007ffa85071438 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214                                            00007ffa850715e6 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567                                           00007ffa85071877 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429                                          00007ffa85071a2d 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213                                             00007ffa85071c35 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                  00007ffa850e1290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                00007ffa850e1410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                      00007ffa850e1440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    00007ffa850e1560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                        00007ffa850e1610 8 bytes {JMP QWORD [RIP-0x71122]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        00007ffa850e1cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                      00007ffa850e1fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                      00007ffa850e2850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                  00000000776313f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                  0000000077631583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                        0000000077631621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                  0000000077631674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                              00000000776316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                          00000000776316e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                         0000000077631727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 7
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                                        00000000776325d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                                    0000000077632714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529                                      0000000077632961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595                                                 0000000077632bd3 8 bytes [DC, 6A, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                              00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                  00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                              00007ffa85065206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                    00007ffa850653ff 8 bytes {JMP 0xffffffffffffffee}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                               00007ffa8506579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                      00007ffa85065954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                 00007ffa85065ef1 8 bytes {JMP 0xffffffffffffff9e}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                    00007ffa85065f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399                                                                00007ffa850660ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977                                         00007ffa850664d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310                                                                  00007ffa85066616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491                                                                  00007ffa850666cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359                                                       00007ffa85068397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67                                                            00007ffa85068a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864                                                           00007ffa85068d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143                                                            00007ffa85068e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510                                                               00007ffa850690ae 8 bytes {JMP 0xffffffffffffff96}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715                                                               00007ffa8506917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772                                                                 00007ffa85069d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrAddRefDll + 685                                                                     00007ffa85069fcd 8 bytes {JMP 0xffffffffffffffaf}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 352                                                                00007ffa8506aae0 8 bytes {JMP 0xffffffffffffffcd}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 488                                                                00007ffa8506ab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetVersion + 565                                                                    00007ffa8506b2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78                                                               00007ffa8506b33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 311                                                                     00007ffa8506c4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 528                                                                     00007ffa8506c5b0 8 bytes {JMP 0xffffffffffffffc7}
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579                                                00007ffa8506d0d3 8 bytes {JMP 0xffffffffffffffef}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47                                               00007ffa8506d10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495                                                                00007ffa8506d57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43                                                                00007ffa8506d6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456                                                               00007ffa8506d888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpReleaseWait + 180                                                                    00007ffa8506d944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterWait + 596                                                                  00007ffa8506dba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWait + 424                                                                      00007ffa8506dd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 771                                                                      00007ffa8506e073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948                                                                      00007ffa8506e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48                                                            00007ffa8506e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756                                                                      00007ffa8506eb74 8 bytes {JMP 0xffffffffffffffd0}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371                                                           00007ffa8506fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556                                                              00007ffa8507009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171                                                                   00007ffa8507015b 8 bytes [70, 6C, 9D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744                                                   00007ffa85071438 8 bytes [40, 6C, 9D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214                                                           00007ffa850715e6 8 bytes [30, 6C, 9D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567                                                          00007ffa85071877 8 bytes [20, 6C, 9D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429                                                         00007ffa85071a2d 8 bytes [10, 6C, 9D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213                                                            00007ffa85071c35 8 bytes [00, 6C, 9D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                 00007ffa850e1290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                               00007ffa850e1410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                     00007ffa850e1440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                   00007ffa850e1560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                       00007ffa850e1610 8 bytes {JMP QWORD [RIP-0x71122]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                       00007ffa850e1cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                                     00007ffa850e1fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     00007ffa850e2850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                                 00000000776313f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                                 0000000077631583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                       0000000077631621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                                 0000000077631674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                             00000000776316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                         00000000776316e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                        0000000077631727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 7
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                                                       00000000776325d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                                                   0000000077632714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529                                                     0000000077632961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595                                                                0000000077632bd3 8 bytes [DC, 6A, 9D, 7F, 00, 00, 00, ...]
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!K32GetModuleInformation                                                        00007ffa84b83e10 7 bytes JMP 00007ffb825a03b0
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!RegQueryValueExW                                                               00007ffa84b83e20 7 bytes JMP 00007ffb825a03e8
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExW                                                                 00007ffa84c339b0 7 bytes JMP 00007ffb825a0490
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!RegDeleteValueW                                                                00007ffa84c33ef0 7 bytes JMP 00007ffb825a0420
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExA                                                                 00007ffa84c33fe0 7 bytes JMP 00007ffb825a0458
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!K32EnumProcessModulesEx                                                        00007ffa84c606c0 7 bytes JMP 00007ffb825a0308
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!K32GetMappedFileNameW                                                          00007ffa84c60730 7 bytes JMP 00007ffb825a0378
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!K32GetModuleFileNameExW                                                        00007ffa84c60760 7 bytes JMP 00007ffb825a0340
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary                                                                  00007ffa825b21d0 5 bytes JMP 00007ffb825a0180
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW                                                             00007ffa825b29d0 7 bytes JMP 00007ffb825a00d8
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW                                                           00007ffa825b4310 5 bytes JMP 00007ffb825a0110
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW                                                               00007ffa825b8d80 5 bytes JMP 00007ffb825a0148
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance                                                                00007ffa84dad050 7 bytes JMP 00007ffb825a0228
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket                                                               00007ffa84ddb170 5 bytes JMP 00007ffb825a0260
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\USER32.dll!CreateWindowExW                                                                  00007ffa82b66d90 10 bytes JMP 00007ffb825a0570
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW                                                              00007ffa82b774a0 5 bytes JMP 00007ffb825a0538
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                       00007ffa82b77560 9 bytes JMP 00007ffb825a04c8
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA                                                              00007ffa82b86b10 5 bytes JMP 00007ffb825a0500
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                          00007ffa83051500 8 bytes JMP 00007ffb825a01b8
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                            00007ffa83051750 8 bytes JMP 00007ffb825a01f0
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9Ex                                                                  00007ffa66f5ead0 5 bytes JMP 00007ffa825a02d0
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9                                                                    00007ffa66f8eb90 6 bytes JMP 00007ffa825a0298
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                            00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                            00007ffa85065206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                  00007ffa850653ff 8 bytes {JMP 0xffffffffffffffee}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                             00007ffa8506579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                    00007ffa85065954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                               00007ffa85065ef1 8 bytes {JMP 0xffffffffffffff9e}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78  00007ffa85065f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399                              00007ffa850660ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977       00007ffa850664d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310                                00007ffa85066616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491                                00007ffa850666cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359                     00007ffa85068397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67                          00007ffa85068a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864                         00007ffa85068d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143                          00007ffa85068e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510                             00007ffa850690ae 8 bytes {JMP 0xffffffffffffff96}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715                             00007ffa8506917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772                               00007ffa85069d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrAddRefDll + 685                                   00007ffa85069fcd 8 bytes {JMP 0xffffffffffffffaf}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 352                              00007ffa8506aae0 8 bytes {JMP 0xffffffffffffffcd}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 488                              00007ffa8506ab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetVersion + 565                                  00007ffa8506b2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78                             00007ffa8506b33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 311                                   00007ffa8506c4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 528                                   00007ffa8506c5b0 8 bytes {JMP 0xffffffffffffffc7}
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579              00007ffa8506d0d3 8 bytes {JMP 0xffffffffffffffef}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47             00007ffa8506d10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495                              00007ffa8506d57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43                              00007ffa8506d6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456                             00007ffa8506d888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpReleaseWait + 180                                  00007ffa8506d944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterWait + 596                                00007ffa8506dba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWait + 424                                    00007ffa8506dd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 771                                    00007ffa8506e073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948                                    00007ffa8506e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48                          00007ffa8506e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756                                    00007ffa8506eb74 8 bytes {JMP 0xffffffffffffffd0}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371                         00007ffa8506fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556                            00007ffa8507009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171                                 00007ffa8507015b 8 bytes [70, 6C, 52, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744                 00007ffa85071438 8 bytes [40, 6C, 52, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214                         00007ffa850715e6 8 bytes [30, 6C, 52, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567                        00007ffa85071877 8 bytes [20, 6C, 52, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429                       00007ffa85071a2d 8 bytes [10, 6C, 52, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213                          00007ffa85071c35 8 bytes [00, 6C, 52, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                               00007ffa850e1290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                             00007ffa850e1410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                   00007ffa850e1440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                 00007ffa850e1560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                     00007ffa850e1610 8 bytes {JMP QWORD [RIP-0x71122]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                     00007ffa850e1cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                   00007ffa850e1fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                   00007ffa850e2850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                               00000000776313f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                               0000000077631583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                     0000000077631621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                               0000000077631674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                           00000000776316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                       00000000776316e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                      0000000077631727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 7
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                     00000000776325d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                 0000000077632714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529                   0000000077632961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595                              0000000077632bd3 8 bytes [DC, 6A, 52, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                               00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                   00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                               00007ffa85065206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                     00007ffa850653ff 8 bytes {JMP 0xffffffffffffffee}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                00007ffa8506579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                       00007ffa85065954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                  00007ffa85065ef1 8 bytes {JMP 0xffffffffffffff9e}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78     00007ffa85065f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399                                 00007ffa850660ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977          00007ffa850664d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310                                   00007ffa85066616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491                                   00007ffa850666cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359                        00007ffa85068397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67                             00007ffa85068a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864                            00007ffa85068d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143                             00007ffa85068e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510                                00007ffa850690ae 8 bytes {JMP 0xffffffffffffff96}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715                                00007ffa8506917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772                                  00007ffa85069d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrAddRefDll + 685                                      00007ffa85069fcd 8 bytes {JMP 0xffffffffffffffaf}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 352                                 00007ffa8506aae0 8 bytes {JMP 0xffffffffffffffcd}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 488                                 00007ffa8506ab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetVersion + 565                                     00007ffa8506b2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78                                00007ffa8506b33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 311                                      00007ffa8506c4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 528                                      00007ffa8506c5b0 8 bytes {JMP 0xffffffffffffffc7}
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579                 00007ffa8506d0d3 8 bytes {JMP 0xffffffffffffffef}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47                00007ffa8506d10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495                                 00007ffa8506d57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43                                 00007ffa8506d6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456                                00007ffa8506d888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpReleaseWait + 180                                     00007ffa8506d944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterWait + 596                                   00007ffa8506dba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWait + 424                                       00007ffa8506dd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 771                                       00007ffa8506e073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948                                       00007ffa8506e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48                             00007ffa8506e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756                                       00007ffa8506eb74 8 bytes {JMP 0xffffffffffffffd0}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371                            00007ffa8506fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556                               00007ffa8507009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171                                    00007ffa8507015b 8 bytes [70, 6C, 47, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744                    00007ffa85071438 8 bytes [40, 6C, 47, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214                            00007ffa850715e6 8 bytes [30, 6C, 47, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567                           00007ffa85071877 8 bytes [20, 6C, 47, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429                          00007ffa85071a2d 8 bytes [10, 6C, 47, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213                             00007ffa85071c35 8 bytes [00, 6C, 47, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                  00007ffa850e1290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                00007ffa850e1410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                      00007ffa850e1440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                    00007ffa850e1560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                        00007ffa850e1610 8 bytes {JMP QWORD [RIP-0x71122]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                        00007ffa850e1cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                      00007ffa850e1fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                      00007ffa850e2850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                  00000000776313f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                  0000000077631583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                        0000000077631621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                  0000000077631674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                              00000000776316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                          00000000776316e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                         0000000077631727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 7
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                        00000000776325d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                    0000000077632714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529                      0000000077632961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595

Antwort

Themen zu Windows 8: PUP.Optional.Trovi.A
adware, bonjour, browser, canon, ccsetup, computer, defender, desktop, ebanking, fehler, firefox, flash player, google, homepage, installation, kaspersky, mozilla, newtab, onedrive, realtek, registry, rundll, scan, schutz, schädling, security, software, super, svchost.exe, usb, windows


« Trojaner im zip-Ordner von Directpay GmbH via Mail geöffnet und ausgeführt | Rechner lahmt kann wer was finden? »


Ähnliche Themen: Windows 8: PUP.Optional.Trovi.A


  1. Windows 8: PUP.Optional.Trovi.A
    Log-Analyse und Auswertung - 14.06.2015 (9)
  2. Werde PUP.Optional Trovi.A nicht los
    Log-Analyse und Auswertung - 31.03.2015 (15)
  3. GMER stürzt ab - MBAM erkennt PUP.Optional.Agent, PUP.Optional.IEBho.A, PUP.Optional.MyFreeze.A
    Plagegeister aller Art und deren Bekämpfung - 07.02.2015 (13)
  4. Trovi.com entfernen in Windows 8.1
    Plagegeister aller Art und deren Bekämpfung - 28.12.2014 (25)
  5. WIN7: Fund PUP.Optional.DigitalSites.A, PUP.Optional.OpenCandy, PUP.Optional.Softonic.A, PUP.Optional.Updater.A. Weitere Vorgehensweise
    Log-Analyse und Auswertung - 08.10.2014 (11)
  6. Trojaner: PUP.Optional.CrossRider.A, PUP.Optional.MySearchDial.A, PUP.Optional.Babylon.A, PUP.Optional.BuenoSearch
    Plagegeister aller Art und deren Bekämpfung - 17.07.2014 (3)
  7. Trojaner, Virus ? (Windows 7) Outlook gesperrt, trovi.com bei Chrome, was tun?
    Plagegeister aller Art und deren Bekämpfung - 05.06.2014 (3)
  8. die Viren/Trojamer PUP.Optional.SearchProtect & PUP.Optional.Trovi.A
    Plagegeister aller Art und deren Bekämpfung - 22.05.2014 (11)
  9. Windows 8 nachdem (PUP.Optional.SweetPage.A) behoben ist, Fund von PUP.Optional.IePluginServiceA
    Log-Analyse und Auswertung - 15.05.2014 (19)
  10. Windows 7: PUP.Optional.Conduit.A und PUP.Optional.SearchProtect.A gefunden
    Log-Analyse und Auswertung - 21.03.2014 (7)
  11. Windows 8: Schädlingsbefall - PUP.Optional. DefaultTab.A und PUP.Optional.AlexaTB.A
    Log-Analyse und Auswertung - 15.01.2014 (14)
  12. Windows 8: Fund von TR/Dropper.gen, PUP.Optional.Iminent.A, PUP.Optional.BizzyBolt, PUP.Optional.DigitalSites.A
    Log-Analyse und Auswertung - 10.12.2013 (13)
  13. Windows 8.1 PUP.Optional.InstallCore.A + PUP.Optional.Chrome.A entdeckt
    Plagegeister aller Art und deren Bekämpfung - 28.11.2013 (13)
  14. Windows Vista: PUP.Optional.Tarma.A PUP.Optional.OpenCandy PUP.Optional.InstallCore.A
    Plagegeister aller Art und deren Bekämpfung - 11.09.2013 (13)
  15. 2x Windows Vista: PUP.Optional.Tarma.A PUP.Optional.OpenCandy PUP.Optional.InstallCore.A
    Mülltonne - 08.09.2013 (1)
  16. Windows 7, Malwarebytes findet 1 infizierte Datei: Trojan.PUP.Optional.FileScout.A, bei einen anderen Benutzer Pub.Optional.Open.Candy
    Log-Analyse und Auswertung - 30.08.2013 (32)
  17. Windows 7 Ultimate 64bit: Malewarebytes findet PUP.Optional.Conduit.A/PUP.Optional.Softonic
    Plagegeister aller Art und deren Bekämpfung - 22.08.2013 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 8: PUP.Optional.Trovi.A - GMER.txt (Teil 1) Code: Alles auswählen Aufklappen ATTFilter Code: Alles auswählen Aufklappen ATTFilter Code: Alles auswählen Aufklappen ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-04-16 23:40:49 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 - Windows 8: PUP.Optional.Trovi.A...
Archiv
Du betrachtest: Windows 8: PUP.Optional.Trovi.A auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131