Process: dllhost.exe Pid: 5844 Address: 0x190000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x00190000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00190010 00 00 19 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00190020 10 00 19 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00190030 20 00 19 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x190000 0000 ADD [EAX], AL 0x190002 0000 ADD [EAX], AL 0x190004 0000 ADD [EAX], AL 0x190006 0000 ADD [EAX], AL 0x190008 0000 ADD [EAX], AL 0x19000a 0000 ADD [EAX], AL 0x19000c 0000 ADD [EAX], AL 0x19000e 0000 ADD [EAX], AL 0x190010 0000 ADD [EAX], AL 0x190012 1900 SBB [EAX], EAX 0x190014 0000 ADD [EAX], AL 0x190016 0000 ADD [EAX], AL 0x190018 0000 ADD [EAX], AL 0x19001a 0000 ADD [EAX], AL 0x19001c 0000 ADD [EAX], AL 0x19001e 0000 ADD [EAX], AL 0x190020 1000 ADC [EAX], AL 0x190022 1900 SBB [EAX], EAX 0x190024 0000 ADD [EAX], AL 0x190026 0000 ADD [EAX], AL 0x190028 0000 ADD [EAX], AL 0x19002a 0000 ADD [EAX], AL 0x19002c 0000 ADD [EAX], AL 0x19002e 0000 ADD [EAX], AL 0x190030 2000 AND [EAX], AL 0x190032 1900 SBB [EAX], EAX 0x190034 0000 ADD [EAX], AL 0x190036 0000 ADD [EAX], AL 0x190038 0000 ADD [EAX], AL 0x19003a 0000 ADD [EAX], AL 0x19003c 0000 ADD [EAX], AL 0x19003e 0000 ADD [EAX], AL Process: VSNService.exe Pid: 5928 Address: 0x110000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x00110000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00110010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00110020 00 00 11 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00110030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x110000 0000 ADD [EAX], AL 0x110002 0000 ADD [EAX], AL 0x110004 0000 ADD [EAX], AL 0x110006 0000 ADD [EAX], AL 0x110008 0000 ADD [EAX], AL 0x11000a 0000 ADD [EAX], AL 0x11000c 0000 ADD [EAX], AL 0x11000e 0000 ADD [EAX], AL 0x110010 0000 ADD [EAX], AL 0x110012 0000 ADD [EAX], AL 0x110014 0000 ADD [EAX], AL 0x110016 0000 ADD [EAX], AL 0x110018 0000 ADD [EAX], AL 0x11001a 0000 ADD [EAX], AL 0x11001c 0000 ADD [EAX], AL 0x11001e 0000 ADD [EAX], AL 0x110020 0000 ADD [EAX], AL 0x110022 1100 ADC [EAX], EAX 0x110024 0000 ADD [EAX], AL 0x110026 0000 ADD [EAX], AL 0x110028 0000 ADD [EAX], AL 0x11002a 0000 ADD [EAX], AL 0x11002c 0000 ADD [EAX], AL 0x11002e 0000 ADD [EAX], AL 0x110030 0000 ADD [EAX], AL 0x110032 0000 ADD [EAX], AL 0x110034 0000 ADD [EAX], AL 0x110036 0000 ADD [EAX], AL 0x110038 0000 ADD [EAX], AL 0x11003a 0000 ADD [EAX], AL 0x11003c 0000 ADD [EAX], AL 0x11003e 0000 ADD [EAX], AL Process: Greenshot.exe Pid: 4528 Address: 0x1b140000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 121, PrivateMemory: 1, Protection: 6 0x1b140000 00 00 00 00 00 00 00 00 eb 2c b9 a0 da 52 00 01 .........,...R.. 0x1b140010 ee ff ee ff 00 00 00 00 18 00 3b 1b 00 00 00 00 ..........;..... 0x1b140020 28 01 14 1b 00 00 00 00 00 00 14 1b 00 00 00 00 (............... 0x1b140030 00 00 14 1b 00 00 00 00 80 00 00 00 00 00 00 00 ................ 0x1b140000 0000 ADD [EAX], AL 0x1b140002 0000 ADD [EAX], AL 0x1b140004 0000 ADD [EAX], AL 0x1b140006 0000 ADD [EAX], AL 0x1b140008 eb2c JMP 0x1b140036 0x1b14000a b9a0da5200 MOV ECX, 0x52daa0 0x1b14000f 01ee ADD ESI, EBP 0x1b140011 ff DB 0xff 0x1b140012 ee OUT DX, AL 0x1b140013 ff00 INC DWORD [EAX] 0x1b140015 0000 ADD [EAX], AL 0x1b140017 0018 ADD [EAX], BL 0x1b140019 003b ADD [EBX], BH 0x1b14001b 1b00 SBB EAX, [EAX] 0x1b14001d 0000 ADD [EAX], AL 0x1b14001f 0028 ADD [EAX], CH 0x1b140021 01141b ADD [EBX+EBX], EDX 0x1b140024 0000 ADD [EAX], AL 0x1b140026 0000 ADD [EAX], AL 0x1b140028 0000 ADD [EAX], AL 0x1b14002a 141b ADC AL, 0x1b 0x1b14002c 0000 ADD [EAX], AL 0x1b14002e 0000 ADD [EAX], AL 0x1b140030 0000 ADD [EAX], AL 0x1b140032 141b ADC AL, 0x1b 0x1b140034 0000 ADD [EAX], AL 0x1b140036 0000 ADD [EAX], AL 0x1b140038 800000 ADD BYTE [EAX], 0x0 0x1b14003b 0000 ADD [EAX], AL 0x1b14003d 0000 ADD [EAX], AL 0x1b14003f 00 DB 0x0 Process: Greenshot.exe Pid: 4528 Address: 0x1b3b0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 18, PrivateMemory: 1, Protection: 6 0x1b3b0000 00 00 00 00 00 00 00 00 44 2c b9 0f da 52 01 01 ........D,...R.. 0x1b3b0010 ee ff ee ff 00 00 00 00 28 01 14 1b 00 00 00 00 ........(....... 0x1b3b0020 18 00 14 1b 00 00 00 00 00 00 14 1b 00 00 00 00 ................ 0x1b3b0030 00 00 3b 1b 00 00 00 00 00 01 00 00 00 00 00 00 ..;............. 0x1b3b0000 0000 ADD [EAX], AL 0x1b3b0002 0000 ADD [EAX], AL 0x1b3b0004 0000 ADD [EAX], AL 0x1b3b0006 0000 ADD [EAX], AL 0x1b3b0008 44 INC ESP 0x1b3b0009 2cb9 SUB AL, 0xb9 0x1b3b000b 0fda5201 PMINUB MM2, [EDX+0x1] 0x1b3b000f 01ee ADD ESI, EBP 0x1b3b0011 ff DB 0xff 0x1b3b0012 ee OUT DX, AL 0x1b3b0013 ff00 INC DWORD [EAX] 0x1b3b0015 0000 ADD [EAX], AL 0x1b3b0017 0028 ADD [EAX], CH 0x1b3b0019 01141b ADD [EBX+EBX], EDX 0x1b3b001c 0000 ADD [EAX], AL 0x1b3b001e 0000 ADD [EAX], AL 0x1b3b0020 1800 SBB [EAX], AL 0x1b3b0022 141b ADC AL, 0x1b 0x1b3b0024 0000 ADD [EAX], AL 0x1b3b0026 0000 ADD [EAX], AL 0x1b3b0028 0000 ADD [EAX], AL 0x1b3b002a 141b ADC AL, 0x1b 0x1b3b002c 0000 ADD [EAX], AL 0x1b3b002e 0000 ADD [EAX], AL 0x1b3b0030 0000 ADD [EAX], AL 0x1b3b0032 3b1b CMP EBX, [EBX] 0x1b3b0034 0000 ADD [EAX], AL 0x1b3b0036 0000 ADD [EAX], AL 0x1b3b0038 0001 ADD [ECX], AL 0x1b3b003a 0000 ADD [EAX], AL 0x1b3b003c 0000 ADD [EAX], AL 0x1b3b003e 0000 ADD [EAX], AL Process: iCloudServices Pid: 6436 Address: 0xac0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x00ac0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00ac0010 00 00 ac 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00ac0020 10 00 ac 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00ac0030 20 00 ac 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0xac0000 0000 ADD [EAX], AL 0xac0002 0000 ADD [EAX], AL 0xac0004 0000 ADD [EAX], AL 0xac0006 0000 ADD [EAX], AL 0xac0008 0000 ADD [EAX], AL 0xac000a 0000 ADD [EAX], AL 0xac000c 0000 ADD [EAX], AL 0xac000e 0000 ADD [EAX], AL 0xac0010 0000 ADD [EAX], AL 0xac0012 ac LODSB 0xac0013 0000 ADD [EAX], AL 0xac0015 0000 ADD [EAX], AL 0xac0017 0000 ADD [EAX], AL 0xac0019 0000 ADD [EAX], AL 0xac001b 0000 ADD [EAX], AL 0xac001d 0000 ADD [EAX], AL 0xac001f 0010 ADD [EAX], DL 0xac0021 00ac0000000000 ADD [EAX+EAX+0x0], CH 0xac0028 0000 ADD [EAX], AL 0xac002a 0000 ADD [EAX], AL 0xac002c 0000 ADD [EAX], AL 0xac002e 0000 ADD [EAX], AL 0xac0030 2000 AND [EAX], AL 0xac0032 ac LODSB 0xac0033 0000 ADD [EAX], AL 0xac0035 0000 ADD [EAX], AL 0xac0037 0000 ADD [EAX], AL 0xac0039 0000 ADD [EAX], AL 0xac003b 0000 ADD [EAX], AL 0xac003d 0000 ADD [EAX], AL 0xac003f 00 DB 0x0 Process: chrome.exe Pid: 6908 Address: 0x2f80000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x02f80000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x02f80010 00 00 f8 02 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x02f80020 10 00 f8 02 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x02f80030 20 00 f8 02 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x2f80000 0000 ADD [EAX], AL 0x2f80002 0000 ADD [EAX], AL 0x2f80004 0000 ADD [EAX], AL 0x2f80006 0000 ADD [EAX], AL 0x2f80008 0000 ADD [EAX], AL 0x2f8000a 0000 ADD [EAX], AL 0x2f8000c 0000 ADD [EAX], AL 0x2f8000e 0000 ADD [EAX], AL 0x2f80010 0000 ADD [EAX], AL 0x2f80012 f8 CLC 0x2f80013 0200 ADD AL, [EAX] 0x2f80015 0000 ADD [EAX], AL 0x2f80017 0000 ADD [EAX], AL 0x2f80019 0000 ADD [EAX], AL 0x2f8001b 0000 ADD [EAX], AL 0x2f8001d 0000 ADD [EAX], AL 0x2f8001f 0010 ADD [EAX], DL 0x2f80021 00f8 ADD AL, BH 0x2f80023 0200 ADD AL, [EAX] 0x2f80025 0000 ADD [EAX], AL 0x2f80027 0000 ADD [EAX], AL 0x2f80029 0000 ADD [EAX], AL 0x2f8002b 0000 ADD [EAX], AL 0x2f8002d 0000 ADD [EAX], AL 0x2f8002f 0020 ADD [EAX], AH 0x2f80031 00f8 ADD AL, BH 0x2f80033 0200 ADD AL, [EAX] 0x2f80035 0000 ADD [EAX], AL 0x2f80037 0000 ADD [EAX], AL 0x2f80039 0000 ADD [EAX], AL 0x2f8003b 0000 ADD [EAX], AL 0x2f8003d 0000 ADD [EAX], AL 0x2f8003f 00 DB 0x0 Process: chrome.exe Pid: 6908 Address: 0x6fff0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x6fff0000 64 74 72 52 00 00 00 00 c0 01 ff 6f 00 00 00 00 dtrR.......o.... 0x6fff0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0000 647472 JZ 0x6fff0075 0x6fff0003 52 PUSH EDX 0x6fff0004 0000 ADD [EAX], AL 0x6fff0006 0000 ADD [EAX], AL 0x6fff0008 c001ff ROL BYTE [ECX], 0xff 0x6fff000b 6f OUTS DX, DWORD [ESI] 0x6fff000c 0000 ADD [EAX], AL 0x6fff000e 0000 ADD [EAX], AL 0x6fff0010 0000 ADD [EAX], AL 0x6fff0012 0000 ADD [EAX], AL 0x6fff0014 0000 ADD [EAX], AL 0x6fff0016 0000 ADD [EAX], AL 0x6fff0018 0000 ADD [EAX], AL 0x6fff001a 0000 ADD [EAX], AL 0x6fff001c 0000 ADD [EAX], AL 0x6fff001e 0000 ADD [EAX], AL 0x6fff0020 0000 ADD [EAX], AL 0x6fff0022 0000 ADD [EAX], AL 0x6fff0024 0000 ADD [EAX], AL 0x6fff0026 0000 ADD [EAX], AL 0x6fff0028 0000 ADD [EAX], AL 0x6fff002a 0000 ADD [EAX], AL 0x6fff002c 0000 ADD [EAX], AL 0x6fff002e 0000 ADD [EAX], AL 0x6fff0030 0000 ADD [EAX], AL 0x6fff0032 0000 ADD [EAX], AL 0x6fff0034 0000 ADD [EAX], AL 0x6fff0036 0000 ADD [EAX], AL 0x6fff0038 0000 ADD [EAX], AL 0x6fff003a 0000 ADD [EAX], AL 0x6fff003c 0000 ADD [EAX], AL 0x6fff003e 0000 ADD [EAX], AL Process: chrome.exe Pid: 5828 Address: 0x6fff0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x6fff0000 64 74 72 52 00 00 00 00 a0 01 ff 6f 00 00 00 00 dtrR.......o.... 0x6fff0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0000 647472 JZ 0x6fff0075 0x6fff0003 52 PUSH EDX 0x6fff0004 0000 ADD [EAX], AL 0x6fff0006 0000 ADD [EAX], AL 0x6fff0008 a001ff6f00 MOV AL, [0x6fff01] 0x6fff000d 0000 ADD [EAX], AL 0x6fff000f 0000 ADD [EAX], AL 0x6fff0011 0000 ADD [EAX], AL 0x6fff0013 0000 ADD [EAX], AL 0x6fff0015 0000 ADD [EAX], AL 0x6fff0017 0000 ADD [EAX], AL 0x6fff0019 0000 ADD [EAX], AL 0x6fff001b 0000 ADD [EAX], AL 0x6fff001d 0000 ADD [EAX], AL 0x6fff001f 0000 ADD [EAX], AL 0x6fff0021 0000 ADD [EAX], AL 0x6fff0023 0000 ADD [EAX], AL 0x6fff0025 0000 ADD [EAX], AL 0x6fff0027 0000 ADD [EAX], AL 0x6fff0029 0000 ADD [EAX], AL 0x6fff002b 0000 ADD [EAX], AL 0x6fff002d 0000 ADD [EAX], AL 0x6fff002f 0000 ADD [EAX], AL 0x6fff0031 0000 ADD [EAX], AL 0x6fff0033 0000 ADD [EAX], AL 0x6fff0035 0000 ADD [EAX], AL 0x6fff0037 0000 ADD [EAX], AL 0x6fff0039 0000 ADD [EAX], AL 0x6fff003b 0000 ADD [EAX], AL 0x6fff003d 0000 ADD [EAX], AL 0x6fff003f 00 DB 0x0 Process: EvernoteClippe Pid: 7388 Address: 0x2f0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x002f0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x002f0010 00 00 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 ../............. 0x002f0020 10 00 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 ../............. 0x002f0030 20 00 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 ../............. 0x2f0000 0000 ADD [EAX], AL 0x2f0002 0000 ADD [EAX], AL 0x2f0004 0000 ADD [EAX], AL 0x2f0006 0000 ADD [EAX], AL 0x2f0008 0000 ADD [EAX], AL 0x2f000a 0000 ADD [EAX], AL 0x2f000c 0000 ADD [EAX], AL 0x2f000e 0000 ADD [EAX], AL 0x2f0010 0000 ADD [EAX], AL 0x2f0012 2f DAS 0x2f0013 0000 ADD [EAX], AL 0x2f0015 0000 ADD [EAX], AL 0x2f0017 0000 ADD [EAX], AL 0x2f0019 0000 ADD [EAX], AL 0x2f001b 0000 ADD [EAX], AL 0x2f001d 0000 ADD [EAX], AL 0x2f001f 0010 ADD [EAX], DL 0x2f0021 002f ADD [EDI], CH 0x2f0023 0000 ADD [EAX], AL 0x2f0025 0000 ADD [EAX], AL 0x2f0027 0000 ADD [EAX], AL 0x2f0029 0000 ADD [EAX], AL 0x2f002b 0000 ADD [EAX], AL 0x2f002d 0000 ADD [EAX], AL 0x2f002f 0020 ADD [EAX], AH 0x2f0031 002f ADD [EDI], CH 0x2f0033 0000 ADD [EAX], AL 0x2f0035 0000 ADD [EAX], AL 0x2f0037 0000 ADD [EAX], AL 0x2f0039 0000 ADD [EAX], AL 0x2f003b 0000 ADD [EAX], AL 0x2f003d 0000 ADD [EAX], AL 0x2f003f 00 DB 0x0 Process: MagicDisc.exe Pid: 7400 Address: 0x260000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x00260000 00 00 00 00 59 e9 6e a6 22 00 e8 f5 ff ff ff 00 ....Y.n."....... 0x00260010 00 00 00 00 00 00 00 e8 e8 ff ff ff 0a 00 26 00 ..............&. 0x00260020 00 00 00 00 e8 db ff ff ff 17 00 26 00 00 00 00 ...........&.... 0x00260030 00 e8 ce ff ff ff 24 00 26 00 00 00 00 00 e8 c1 ......$.&....... 0x260000 0000 ADD [EAX], AL 0x260002 0000 ADD [EAX], AL 0x260004 59 POP ECX 0x260005 e96ea62200 JMP 0x48a678 0x26000a e8f5ffffff CALL 0x260004 0x26000f 0000 ADD [EAX], AL 0x260011 0000 ADD [EAX], AL 0x260013 0000 ADD [EAX], AL 0x260015 0000 ADD [EAX], AL 0x260017 e8e8ffffff CALL 0x260004 0x26001c 0a00 OR AL, [EAX] 0x26001e 260000 ADD [ES:EAX], AL 0x260021 0000 ADD [EAX], AL 0x260023 00e8 ADD AL, CH 0x260025 db DB 0xdb 0x260026 ff DB 0xff 0x260027 ff DB 0xff 0x260028 ff17 CALL DWORD [EDI] 0x26002a 0026 ADD [ESI], AH 0x26002c 0000 ADD [EAX], AL 0x26002e 0000 ADD [EAX], AL 0x260030 00e8 ADD AL, CH 0x260032 ce INTO 0x260033 ff DB 0xff 0x260034 ff DB 0xff 0x260035 ff2400 JMP DWORD [EAX+EAX] 0x260038 260000 ADD [ES:EAX], AL 0x26003b 0000 ADD [EAX], AL 0x26003d 00e8 ADD AL, CH 0x26003f c1 DB 0xc1 Process: chrome.exe Pid: 7500 Address: 0xd200000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x0d200000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 3b fe WV.|$..t$..L$.;. 0x0d200010 0f 84 ac 04 00 00 0f 18 0e 83 f9 08 0f 86 97 04 ................ 0x0d200020 00 00 83 f9 3f 0f 86 23 04 00 00 3b fe 0f 87 c6 ....?..#...;.... 0x0d200030 01 00 00 89 f0 2b c7 83 f8 10 0f 82 25 01 00 00 .....+......%... 0xd200000 57 PUSH EDI 0xd200001 56 PUSH ESI 0xd200002 8b7c240c MOV EDI, [ESP+0xc] 0xd200006 8b742410 MOV ESI, [ESP+0x10] 0xd20000a 8b4c2414 MOV ECX, [ESP+0x14] 0xd20000e 3bfe CMP EDI, ESI 0xd200010 0f84ac040000 JZ 0xd2004c2 0xd200016 0f180e PREFETCHT0 [ESI] 0xd200019 83f908 CMP ECX, 0x8 0xd20001c 0f8697040000 JBE 0xd2004b9 0xd200022 83f93f CMP ECX, 0x3f 0xd200025 0f8623040000 JBE 0xd20044e 0xd20002b 3bfe CMP EDI, ESI 0xd20002d 0f87c6010000 JA 0xd2001f9 0xd200033 89f0 MOV EAX, ESI 0xd200035 2bc7 SUB EAX, EDI 0xd200037 83f810 CMP EAX, 0x10 0xd20003a 0f8225010000 JB 0xd200165 Process: chrome.exe Pid: 7508 Address: 0x1e300000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x1e300000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 3b fe WV.|$..t$..L$.;. 0x1e300010 0f 84 ac 04 00 00 0f 18 0e 83 f9 08 0f 86 97 04 ................ 0x1e300020 00 00 83 f9 3f 0f 86 23 04 00 00 3b fe 0f 87 c6 ....?..#...;.... 0x1e300030 01 00 00 89 f0 2b c7 83 f8 10 0f 82 25 01 00 00 .....+......%... 0x1e300000 57 PUSH EDI 0x1e300001 56 PUSH ESI 0x1e300002 8b7c240c MOV EDI, [ESP+0xc] 0x1e300006 8b742410 MOV ESI, [ESP+0x10] 0x1e30000a 8b4c2414 MOV ECX, [ESP+0x14] 0x1e30000e 3bfe CMP EDI, ESI 0x1e300010 0f84ac040000 JZ 0x1e3004c2 0x1e300016 0f180e PREFETCHT0 [ESI] 0x1e300019 83f908 CMP ECX, 0x8 0x1e30001c 0f8697040000 JBE 0x1e3004b9 0x1e300022 83f93f CMP ECX, 0x3f 0x1e300025 0f8623040000 JBE 0x1e30044e 0x1e30002b 3bfe CMP EDI, ESI 0x1e30002d 0f87c6010000 JA 0x1e3001f9 0x1e300033 89f0 MOV EAX, ESI 0x1e300035 2bc7 SUB EAX, EDI 0x1e300037 83f810 CMP EAX, 0x10 0x1e30003a 0f8225010000 JB 0x1e300165 Process: chrome.exe Pid: 7516 Address: 0x36e00000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x36e00000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 3b fe WV.|$..t$..L$.;. 0x36e00010 0f 84 ac 04 00 00 0f 18 0e 83 f9 08 0f 86 97 04 ................ 0x36e00020 00 00 83 f9 3f 0f 86 23 04 00 00 3b fe 0f 87 c6 ....?..#...;.... 0x36e00030 01 00 00 89 f0 2b c7 83 f8 10 0f 82 25 01 00 00 .....+......%... 0x36e00000 57 PUSH EDI 0x36e00001 56 PUSH ESI 0x36e00002 8b7c240c MOV EDI, [ESP+0xc] 0x36e00006 8b742410 MOV ESI, [ESP+0x10] 0x36e0000a 8b4c2414 MOV ECX, [ESP+0x14] 0x36e0000e 3bfe CMP EDI, ESI 0x36e00010 0f84ac040000 JZ 0x36e004c2 0x36e00016 0f180e PREFETCHT0 [ESI] 0x36e00019 83f908 CMP ECX, 0x8 0x36e0001c 0f8697040000 JBE 0x36e004b9 0x36e00022 83f93f CMP ECX, 0x3f 0x36e00025 0f8623040000 JBE 0x36e0044e 0x36e0002b 3bfe CMP EDI, ESI 0x36e0002d 0f87c6010000 JA 0x36e001f9 0x36e00033 89f0 MOV EAX, ESI 0x36e00035 2bc7 SUB EAX, EDI 0x36e00037 83f810 CMP EAX, 0x10 0x36e0003a 0f8225010000 JB 0x36e00165 Process: chrome.exe Pid: 7544 Address: 0x1d000000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x1d000000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 3b fe WV.|$..t$..L$.;. 0x1d000010 0f 84 ac 04 00 00 0f 18 0e 83 f9 08 0f 86 97 04 ................ 0x1d000020 00 00 83 f9 3f 0f 86 23 04 00 00 3b fe 0f 87 c6 ....?..#...;.... 0x1d000030 01 00 00 89 f0 2b c7 83 f8 10 0f 82 25 01 00 00 .....+......%... 0x1d000000 57 PUSH EDI 0x1d000001 56 PUSH ESI 0x1d000002 8b7c240c MOV EDI, [ESP+0xc] 0x1d000006 8b742410 MOV ESI, [ESP+0x10] 0x1d00000a 8b4c2414 MOV ECX, [ESP+0x14] 0x1d00000e 3bfe CMP EDI, ESI 0x1d000010 0f84ac040000 JZ 0x1d0004c2 0x1d000016 0f180e PREFETCHT0 [ESI] 0x1d000019 83f908 CMP ECX, 0x8 0x1d00001c 0f8697040000 JBE 0x1d0004b9 0x1d000022 83f93f CMP ECX, 0x3f 0x1d000025 0f8623040000 JBE 0x1d00044e 0x1d00002b 3bfe CMP EDI, ESI 0x1d00002d 0f87c6010000 JA 0x1d0001f9 0x1d000033 89f0 MOV EAX, ESI 0x1d000035 2bc7 SUB EAX, EDI 0x1d000037 83f810 CMP EAX, 0x10 0x1d00003a 0f8225010000 JB 0x1d000165 Process: chrome.exe Pid: 7544 Address: 0x6fff0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x6fff0000 64 74 72 52 00 00 00 00 a0 01 ff 6f 00 00 00 00 dtrR.......o.... 0x6fff0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0000 647472 JZ 0x6fff0075 0x6fff0003 52 PUSH EDX 0x6fff0004 0000 ADD [EAX], AL 0x6fff0006 0000 ADD [EAX], AL 0x6fff0008 a001ff6f00 MOV AL, [0x6fff01] 0x6fff000d 0000 ADD [EAX], AL 0x6fff000f 0000 ADD [EAX], AL 0x6fff0011 0000 ADD [EAX], AL 0x6fff0013 0000 ADD [EAX], AL 0x6fff0015 0000 ADD [EAX], AL 0x6fff0017 0000 ADD [EAX], AL 0x6fff0019 0000 ADD [EAX], AL 0x6fff001b 0000 ADD [EAX], AL 0x6fff001d 0000 ADD [EAX], AL 0x6fff001f 0000 ADD [EAX], AL 0x6fff0021 0000 ADD [EAX], AL 0x6fff0023 0000 ADD [EAX], AL 0x6fff0025 0000 ADD [EAX], AL 0x6fff0027 0000 ADD [EAX], AL 0x6fff0029 0000 ADD [EAX], AL 0x6fff002b 0000 ADD [EAX], AL 0x6fff002d 0000 ADD [EAX], AL 0x6fff002f 0000 ADD [EAX], AL 0x6fff0031 0000 ADD [EAX], AL 0x6fff0033 0000 ADD [EAX], AL 0x6fff0035 0000 ADD [EAX], AL 0x6fff0037 0000 ADD [EAX], AL 0x6fff0039 0000 ADD [EAX], AL 0x6fff003b 0000 ADD [EAX], AL 0x6fff003d 0000 ADD [EAX], AL 0x6fff003f 00 DB 0x0 Process: chrome.exe Pid: 7568 Address: 0x1dc00000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x1dc00000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 3b fe WV.|$..t$..L$.;. 0x1dc00010 0f 84 ac 04 00 00 0f 18 0e 83 f9 08 0f 86 97 04 ................ 0x1dc00020 00 00 83 f9 3f 0f 86 23 04 00 00 3b fe 0f 87 c6 ....?..#...;.... 0x1dc00030 01 00 00 89 f0 2b c7 83 f8 10 0f 82 25 01 00 00 .....+......%... 0x1dc00000 57 PUSH EDI 0x1dc00001 56 PUSH ESI 0x1dc00002 8b7c240c MOV EDI, [ESP+0xc] 0x1dc00006 8b742410 MOV ESI, [ESP+0x10] 0x1dc0000a 8b4c2414 MOV ECX, [ESP+0x14] 0x1dc0000e 3bfe CMP EDI, ESI 0x1dc00010 0f84ac040000 JZ 0x1dc004c2 0x1dc00016 0f180e PREFETCHT0 [ESI] 0x1dc00019 83f908 CMP ECX, 0x8 0x1dc0001c 0f8697040000 JBE 0x1dc004b9 0x1dc00022 83f93f CMP ECX, 0x3f 0x1dc00025 0f8623040000 JBE 0x1dc0044e 0x1dc0002b 3bfe CMP EDI, ESI 0x1dc0002d 0f87c6010000 JA 0x1dc001f9 0x1dc00033 89f0 MOV EAX, ESI 0x1dc00035 2bc7 SUB EAX, EDI 0x1dc00037 83f810 CMP EAX, 0x10 0x1dc0003a 0f8225010000 JB 0x1dc00165 Process: ALMon.exe Pid: 7672 Address: 0x600000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x00600000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00600010 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 ..`............. 0x00600020 10 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 ..`............. 0x00600030 20 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 ..`............. 0x600000 0000 ADD [EAX], AL 0x600002 0000 ADD [EAX], AL 0x600004 0000 ADD [EAX], AL 0x600006 0000 ADD [EAX], AL 0x600008 0000 ADD [EAX], AL 0x60000a 0000 ADD [EAX], AL 0x60000c 0000 ADD [EAX], AL 0x60000e 0000 ADD [EAX], AL 0x600010 0000 ADD [EAX], AL 0x600012 60 PUSHA 0x600013 0000 ADD [EAX], AL 0x600015 0000 ADD [EAX], AL 0x600017 0000 ADD [EAX], AL 0x600019 0000 ADD [EAX], AL 0x60001b 0000 ADD [EAX], AL 0x60001d 0000 ADD [EAX], AL 0x60001f 0010 ADD [EAX], DL 0x600021 006000 ADD [EAX+0x0], AH 0x600024 0000 ADD [EAX], AL 0x600026 0000 ADD [EAX], AL 0x600028 0000 ADD [EAX], AL 0x60002a 0000 ADD [EAX], AL 0x60002c 0000 ADD [EAX], AL 0x60002e 0000 ADD [EAX], AL 0x600030 2000 AND [EAX], AL 0x600032 60 PUSHA 0x600033 0000 ADD [EAX], AL 0x600035 0000 ADD [EAX], AL 0x600037 0000 ADD [EAX], AL 0x600039 0000 ADD [EAX], AL 0x60003b 0000 ADD [EAX], AL 0x60003d 0000 ADD [EAX], AL 0x60003f 00 DB 0x0 Process: SPMService.exe Pid: 9036 Address: 0x130000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x00130000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00130010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00130020 00 00 13 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00130030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x130000 0000 ADD [EAX], AL 0x130002 0000 ADD [EAX], AL 0x130004 0000 ADD [EAX], AL 0x130006 0000 ADD [EAX], AL 0x130008 0000 ADD [EAX], AL 0x13000a 0000 ADD [EAX], AL 0x13000c 0000 ADD [EAX], AL 0x13000e 0000 ADD [EAX], AL 0x130010 0000 ADD [EAX], AL 0x130012 0000 ADD [EAX], AL 0x130014 0000 ADD [EAX], AL 0x130016 0000 ADD [EAX], AL 0x130018 0000 ADD [EAX], AL 0x13001a 0000 ADD [EAX], AL 0x13001c 0000 ADD [EAX], AL 0x13001e 0000 ADD [EAX], AL 0x130020 0000 ADD [EAX], AL 0x130022 1300 ADC EAX, [EAX] 0x130024 0000 ADD [EAX], AL 0x130026 0000 ADD [EAX], AL 0x130028 0000 ADD [EAX], AL 0x13002a 0000 ADD [EAX], AL 0x13002c 0000 ADD [EAX], AL 0x13002e 0000 ADD [EAX], AL 0x130030 0000 ADD [EAX], AL 0x130032 0000 ADD [EAX], AL 0x130034 0000 ADD [EAX], AL 0x130036 0000 ADD [EAX], AL 0x130038 0000 ADD [EAX], AL 0x13003a 0000 ADD [EAX], AL 0x13003c 0000 ADD [EAX], AL 0x13003e 0000 ADD [EAX], AL Process: chrome.exe Pid: 9008 Address: 0x3f400000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x3f400000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 3b fe WV.|$..t$..L$.;. 0x3f400010 0f 84 ac 04 00 00 0f 18 0e 83 f9 08 0f 86 97 04 ................ 0x3f400020 00 00 83 f9 3f 0f 86 23 04 00 00 3b fe 0f 87 c6 ....?..#...;.... 0x3f400030 01 00 00 89 f0 2b c7 83 f8 10 0f 82 25 01 00 00 .....+......%... 0x3f400000 57 PUSH EDI 0x3f400001 56 PUSH ESI 0x3f400002 8b7c240c MOV EDI, [ESP+0xc] 0x3f400006 8b742410 MOV ESI, [ESP+0x10] 0x3f40000a 8b4c2414 MOV ECX, [ESP+0x14] 0x3f40000e 3bfe CMP EDI, ESI 0x3f400010 0f84ac040000 JZ 0x3f4004c2 0x3f400016 0f180e PREFETCHT0 [ESI] 0x3f400019 83f908 CMP ECX, 0x8 0x3f40001c 0f8697040000 JBE 0x3f4004b9 0x3f400022 83f93f CMP ECX, 0x3f 0x3f400025 0f8623040000 JBE 0x3f40044e 0x3f40002b 3bfe CMP EDI, ESI 0x3f40002d 0f87c6010000 JA 0x3f4001f9 0x3f400033 89f0 MOV EAX, ESI 0x3f400035 2bc7 SUB EAX, EDI 0x3f400037 83f810 CMP EAX, 0x10 0x3f40003a 0f8225010000 JB 0x3f400165 Process: VUAgent.exe Pid: 3176 Address: 0x110000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x00110000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00110010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00110020 00 00 11 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00110030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x110000 0000 ADD [EAX], AL 0x110002 0000 ADD [EAX], AL 0x110004 0000 ADD [EAX], AL 0x110006 0000 ADD [EAX], AL 0x110008 0000 ADD [EAX], AL 0x11000a 0000 ADD [EAX], AL 0x11000c 0000 ADD [EAX], AL 0x11000e 0000 ADD [EAX], AL 0x110010 0000 ADD [EAX], AL 0x110012 0000 ADD [EAX], AL 0x110014 0000 ADD [EAX], AL 0x110016 0000 ADD [EAX], AL 0x110018 0000 ADD [EAX], AL 0x11001a 0000 ADD [EAX], AL 0x11001c 0000 ADD [EAX], AL 0x11001e 0000 ADD [EAX], AL 0x110020 0000 ADD [EAX], AL 0x110022 1100 ADC [EAX], EAX 0x110024 0000 ADD [EAX], AL 0x110026 0000 ADD [EAX], AL 0x110028 0000 ADD [EAX], AL 0x11002a 0000 ADD [EAX], AL 0x11002c 0000 ADD [EAX], AL 0x11002e 0000 ADD [EAX], AL 0x110030 0000 ADD [EAX], AL 0x110032 0000 ADD [EAX], AL 0x110034 0000 ADD [EAX], AL 0x110036 0000 ADD [EAX], AL 0x110038 0000 ADD [EAX], AL 0x11003a 0000 ADD [EAX], AL 0x11003c 0000 ADD [EAX], AL 0x11003e 0000 ADD [EAX], AL Process: VCSystemTray.e Pid: 10872 Address: 0x1baa0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 115, PrivateMemory: 1, Protection: 6 0x1baa0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1baa0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1baa0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1baa0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1baa0000 0000 ADD [EAX], AL 0x1baa0002 0000 ADD [EAX], AL 0x1baa0004 0000 ADD [EAX], AL 0x1baa0006 0000 ADD [EAX], AL 0x1baa0008 0000 ADD [EAX], AL 0x1baa000a 0000 ADD [EAX], AL 0x1baa000c 0000 ADD [EAX], AL 0x1baa000e 0000 ADD [EAX], AL 0x1baa0010 0000 ADD [EAX], AL 0x1baa0012 0000 ADD [EAX], AL 0x1baa0014 0000 ADD [EAX], AL 0x1baa0016 0000 ADD [EAX], AL 0x1baa0018 0000 ADD [EAX], AL 0x1baa001a 0000 ADD [EAX], AL 0x1baa001c 0000 ADD [EAX], AL 0x1baa001e 0000 ADD [EAX], AL 0x1baa0020 0000 ADD [EAX], AL 0x1baa0022 0000 ADD [EAX], AL 0x1baa0024 0000 ADD [EAX], AL 0x1baa0026 0000 ADD [EAX], AL 0x1baa0028 0000 ADD [EAX], AL 0x1baa002a 0000 ADD [EAX], AL 0x1baa002c 0000 ADD [EAX], AL 0x1baa002e 0000 ADD [EAX], AL 0x1baa0030 0000 ADD [EAX], AL 0x1baa0032 0000 ADD [EAX], AL 0x1baa0034 0000 ADD [EAX], AL 0x1baa0036 0000 ADD [EAX], AL 0x1baa0038 0000 ADD [EAX], AL 0x1baa003a 0000 ADD [EAX], AL 0x1baa003c 0000 ADD [EAX], AL 0x1baa003e 0000 ADD [EAX], AL Process: VCAgent.exe Pid: 8444 Address: 0x770000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 2, PrivateMemory: 1, Protection: 6 0x00770000 00 00 00 00 00 00 00 00 b9 23 f6 86 a3 4d 00 01 .........#...M.. 0x00770010 ee ff ee ff 00 00 00 00 28 01 77 00 00 00 00 00 ........(.w..... 0x00770020 28 01 77 00 00 00 00 00 00 00 77 00 00 00 00 00 (.w.......w..... 0x00770030 00 00 77 00 00 00 00 00 80 00 00 00 00 00 00 00 ..w............. 0x770000 0000 ADD [EAX], AL 0x770002 0000 ADD [EAX], AL 0x770004 0000 ADD [EAX], AL 0x770006 0000 ADD [EAX], AL 0x770008 b923f686a3 MOV ECX, 0xa386f623 0x77000d 4d DEC EBP 0x77000e 0001 ADD [ECX], AL 0x770010 ee OUT DX, AL 0x770011 ff DB 0xff 0x770012 ee OUT DX, AL 0x770013 ff00 INC DWORD [EAX] 0x770015 0000 ADD [EAX], AL 0x770017 0028 ADD [EAX], CH 0x770019 017700 ADD [EDI+0x0], ESI 0x77001c 0000 ADD [EAX], AL 0x77001e 0000 ADD [EAX], AL 0x770020 2801 SUB [ECX], AL 0x770022 7700 JA 0x770024 0x770024 0000 ADD [EAX], AL 0x770026 0000 ADD [EAX], AL 0x770028 0000 ADD [EAX], AL 0x77002a 7700 JA 0x77002c 0x77002c 0000 ADD [EAX], AL 0x77002e 0000 ADD [EAX], AL 0x770030 0000 ADD [EAX], AL 0x770032 7700 JA 0x770034 0x770034 0000 ADD [EAX], AL 0x770036 0000 ADD [EAX], AL 0x770038 800000 ADD BYTE [EAX], 0x0 0x77003b 0000 ADD [EAX], AL 0x77003d 0000 ADD [EAX], AL 0x77003f 00 DB 0x0 Process: VCAgent.exe Pid: 8444 Address: 0x1bb70000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 110, PrivateMemory: 1, Protection: 6 0x1bb70000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1bb70010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1bb70020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1bb70030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1bb70000 0000 ADD [EAX], AL 0x1bb70002 0000 ADD [EAX], AL 0x1bb70004 0000 ADD [EAX], AL 0x1bb70006 0000 ADD [EAX], AL 0x1bb70008 0000 ADD [EAX], AL 0x1bb7000a 0000 ADD [EAX], AL 0x1bb7000c 0000 ADD [EAX], AL 0x1bb7000e 0000 ADD [EAX], AL 0x1bb70010 0000 ADD [EAX], AL 0x1bb70012 0000 ADD [EAX], AL 0x1bb70014 0000 ADD [EAX], AL 0x1bb70016 0000 ADD [EAX], AL 0x1bb70018 0000 ADD [EAX], AL 0x1bb7001a 0000 ADD [EAX], AL 0x1bb7001c 0000 ADD [EAX], AL 0x1bb7001e 0000 ADD [EAX], AL 0x1bb70020 0000 ADD [EAX], AL 0x1bb70022 0000 ADD [EAX], AL 0x1bb70024 0000 ADD [EAX], AL 0x1bb70026 0000 ADD [EAX], AL 0x1bb70028 0000 ADD [EAX], AL 0x1bb7002a 0000 ADD [EAX], AL 0x1bb7002c 0000 ADD [EAX], AL 0x1bb7002e 0000 ADD [EAX], AL 0x1bb70030 0000 ADD [EAX], AL 0x1bb70032 0000 ADD [EAX], AL 0x1bb70034 0000 ADD [EAX], AL 0x1bb70036 0000 ADD [EAX], AL 0x1bb70038 0000 ADD [EAX], AL 0x1bb7003a 0000 ADD [EAX], AL 0x1bb7003c 0000 ADD [EAX], AL 0x1bb7003e 0000 ADD [EAX], AL Process: VCAgent.exe Pid: 8444 Address: 0x7fffff10000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 2, PrivateMemory: 1, Protection: 6 0x7fffff10000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x7fffff10010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x7fffff10020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x7fffff10030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0xfff10000 0000 ADD [EAX], AL 0xfff10002 0000 ADD [EAX], AL 0xfff10004 0000 ADD [EAX], AL 0xfff10006 0000 ADD [EAX], AL 0xfff10008 0000 ADD [EAX], AL 0xfff1000a 0000 ADD [EAX], AL 0xfff1000c 0000 ADD [EAX], AL 0xfff1000e 0000 ADD [EAX], AL 0xfff10010 0000 ADD [EAX], AL 0xfff10012 0000 ADD [EAX], AL 0xfff10014 0000 ADD [EAX], AL 0xfff10016 0000 ADD [EAX], AL 0xfff10018 0000 ADD [EAX], AL 0xfff1001a 0000 ADD [EAX], AL 0xfff1001c 0000 ADD [EAX], AL 0xfff1001e 0000 ADD [EAX], AL 0xfff10020 0000 ADD [EAX], AL 0xfff10022 0000 ADD [EAX], AL 0xfff10024 0000 ADD [EAX], AL 0xfff10026 0000 ADD [EAX], AL 0xfff10028 0000 ADD [EAX], AL 0xfff1002a 0000 ADD [EAX], AL 0xfff1002c 0000 ADD [EAX], AL 0xfff1002e 0000 ADD [EAX], AL 0xfff10030 0000 ADD [EAX], AL 0xfff10032 0000 ADD [EAX], AL 0xfff10034 0000 ADD [EAX], AL 0xfff10036 0000 ADD [EAX], AL 0xfff10038 0000 ADD [EAX], AL 0xfff1003a 0000 ADD [EAX], AL 0xfff1003c 0000 ADD [EAX], AL 0xfff1003e 0000 ADD [EAX], AL Process: VCAdmin.exe Pid: 16508 Address: 0x1bd10000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 115, PrivateMemory: 1, Protection: 6 0x1bd10000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1bd10010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1bd10020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1bd10030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1bd10000 0000 ADD [EAX], AL 0x1bd10002 0000 ADD [EAX], AL 0x1bd10004 0000 ADD [EAX], AL 0x1bd10006 0000 ADD [EAX], AL 0x1bd10008 0000 ADD [EAX], AL 0x1bd1000a 0000 ADD [EAX], AL 0x1bd1000c 0000 ADD [EAX], AL 0x1bd1000e 0000 ADD [EAX], AL 0x1bd10010 0000 ADD [EAX], AL 0x1bd10012 0000 ADD [EAX], AL 0x1bd10014 0000 ADD [EAX], AL 0x1bd10016 0000 ADD [EAX], AL 0x1bd10018 0000 ADD [EAX], AL 0x1bd1001a 0000 ADD [EAX], AL 0x1bd1001c 0000 ADD [EAX], AL 0x1bd1001e 0000 ADD [EAX], AL 0x1bd10020 0000 ADD [EAX], AL 0x1bd10022 0000 ADD [EAX], AL 0x1bd10024 0000 ADD [EAX], AL 0x1bd10026 0000 ADD [EAX], AL 0x1bd10028 0000 ADD [EAX], AL 0x1bd1002a 0000 ADD [EAX], AL 0x1bd1002c 0000 ADD [EAX], AL 0x1bd1002e 0000 ADD [EAX], AL 0x1bd10030 0000 ADD [EAX], AL 0x1bd10032 0000 ADD [EAX], AL 0x1bd10034 0000 ADD [EAX], AL 0x1bd10036 0000 ADD [EAX], AL 0x1bd10038 0000 ADD [EAX], AL 0x1bd1003a 0000 ADD [EAX], AL 0x1bd1003c 0000 ADD [EAX], AL 0x1bd1003e 0000 ADD [EAX], AL Process: IOLOTO~1.EXE Pid: 16832 Address: 0xa20000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x00a20000 00 00 00 00 59 e9 62 ef a2 ff e8 f5 ff ff ff 00 ....Y.b......... 0x00a20010 00 00 00 00 00 00 00 e8 e8 ff ff ff 0a 00 a2 00 ................ 0x00a20020 00 00 00 00 e8 db ff ff ff 17 00 a2 00 00 00 00 ................ 0x00a20030 00 e8 ce ff ff ff 24 00 a2 00 00 00 00 00 e8 c1 ......$......... 0xa20000 0000 ADD [EAX], AL 0xa20002 0000 ADD [EAX], AL 0xa20004 59 POP ECX 0xa20005 e962efa2ff JMP 0x44ef6c 0xa2000a e8f5ffffff CALL 0xa20004 0xa2000f 0000 ADD [EAX], AL 0xa20011 0000 ADD [EAX], AL 0xa20013 0000 ADD [EAX], AL 0xa20015 0000 ADD [EAX], AL 0xa20017 e8e8ffffff CALL 0xa20004 0xa2001c 0a00 OR AL, [EAX] 0xa2001e a200000000 MOV [0x0], AL 0xa20023 00e8 ADD AL, CH 0xa20025 db DB 0xdb 0xa20026 ff DB 0xff 0xa20027 ff DB 0xff 0xa20028 ff17 CALL DWORD [EDI] 0xa2002a 00a200000000 ADD [EDX+0x0], AH 0xa20030 00e8 ADD AL, CH 0xa20032 ce INTO 0xa20033 ff DB 0xff 0xa20034 ff DB 0xff 0xa20035 ff2400 JMP DWORD [EAX+EAX] 0xa20038 a200000000 MOV [0x0], AL 0xa2003d 00e8 ADD AL, CH 0xa2003f c1 DB 0xc1 Process: TeamViewer.exe Pid: 36028 Address: 0x1c0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x001c0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x001c0010 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x001c0020 10 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x001c0030 20 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1c0000 0000 ADD [EAX], AL 0x1c0002 0000 ADD [EAX], AL 0x1c0004 0000 ADD [EAX], AL 0x1c0006 0000 ADD [EAX], AL 0x1c0008 0000 ADD [EAX], AL 0x1c000a 0000 ADD [EAX], AL 0x1c000c 0000 ADD [EAX], AL 0x1c000e 0000 ADD [EAX], AL 0x1c0010 0000 ADD [EAX], AL 0x1c0012 1c00 SBB AL, 0x0 0x1c0014 0000 ADD [EAX], AL 0x1c0016 0000 ADD [EAX], AL 0x1c0018 0000 ADD [EAX], AL 0x1c001a 0000 ADD [EAX], AL 0x1c001c 0000 ADD [EAX], AL 0x1c001e 0000 ADD [EAX], AL 0x1c0020 1000 ADC [EAX], AL 0x1c0022 1c00 SBB AL, 0x0 0x1c0024 0000 ADD [EAX], AL 0x1c0026 0000 ADD [EAX], AL 0x1c0028 0000 ADD [EAX], AL 0x1c002a 0000 ADD [EAX], AL 0x1c002c 0000 ADD [EAX], AL 0x1c002e 0000 ADD [EAX], AL 0x1c0030 2000 AND [EAX], AL 0x1c0032 1c00 SBB AL, 0x0 0x1c0034 0000 ADD [EAX], AL 0x1c0036 0000 ADD [EAX], AL 0x1c0038 0000 ADD [EAX], AL 0x1c003a 0000 ADD [EAX], AL 0x1c003c 0000 ADD [EAX], AL 0x1c003e 0000 ADD [EAX], AL Process: explorer.exe Pid: 53124 Address: 0x60a0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x060a0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x060a0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x060a0020 00 00 0a 06 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x060a0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x60a0000 0000 ADD [EAX], AL 0x60a0002 0000 ADD [EAX], AL 0x60a0004 0000 ADD [EAX], AL 0x60a0006 0000 ADD [EAX], AL 0x60a0008 0000 ADD [EAX], AL 0x60a000a 0000 ADD [EAX], AL 0x60a000c 0000 ADD [EAX], AL 0x60a000e 0000 ADD [EAX], AL 0x60a0010 0000 ADD [EAX], AL 0x60a0012 0000 ADD [EAX], AL 0x60a0014 0000 ADD [EAX], AL 0x60a0016 0000 ADD [EAX], AL 0x60a0018 0000 ADD [EAX], AL 0x60a001a 0000 ADD [EAX], AL 0x60a001c 0000 ADD [EAX], AL 0x60a001e 0000 ADD [EAX], AL 0x60a0020 0000 ADD [EAX], AL 0x60a0022 0a06 OR AL, [ESI] 0x60a0024 0000 ADD [EAX], AL 0x60a0026 0000 ADD [EAX], AL 0x60a0028 0000 ADD [EAX], AL 0x60a002a 0000 ADD [EAX], AL 0x60a002c 0000 ADD [EAX], AL 0x60a002e 0000 ADD [EAX], AL 0x60a0030 0000 ADD [EAX], AL 0x60a0032 0000 ADD [EAX], AL 0x60a0034 0000 ADD [EAX], AL 0x60a0036 0000 ADD [EAX], AL 0x60a0038 0000 ADD [EAX], AL 0x60a003a 0000 ADD [EAX], AL 0x60a003c 0000 ADD [EAX], AL 0x60a003e 0000 ADD [EAX], AL Process: explorer.exe Pid: 53124 Address: 0x7feff030000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x7feff030000 64 74 72 52 00 00 00 00 00 00 ff 6f 00 00 00 00 dtrR.......o.... 0x7feff030010 e0 00 03 ff fe 07 00 00 00 00 00 00 00 00 00 00 ................ 0x7feff030020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x7feff030030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0xff030000 647472 JZ 0xff030075 0xff030003 52 PUSH EDX 0xff030004 0000 ADD [EAX], AL 0xff030006 0000 ADD [EAX], AL 0xff030008 0000 ADD [EAX], AL 0xff03000a ff6f00 JMP FAR DWORD [EDI+0x0] 0xff03000d 0000 ADD [EAX], AL 0xff03000f 00e0 ADD AL, AH 0xff030011 0003 ADD [EBX], AL 0xff030013 ff DB 0xff 0xff030014 fe07 INC BYTE [EDI] 0xff030016 0000 ADD [EAX], AL 0xff030018 0000 ADD [EAX], AL 0xff03001a 0000 ADD [EAX], AL 0xff03001c 0000 ADD [EAX], AL 0xff03001e 0000 ADD [EAX], AL 0xff030020 0000 ADD [EAX], AL 0xff030022 0000 ADD [EAX], AL 0xff030024 0000 ADD [EAX], AL 0xff030026 0000 ADD [EAX], AL 0xff030028 0000 ADD [EAX], AL 0xff03002a 0000 ADD [EAX], AL 0xff03002c 0000 ADD [EAX], AL 0xff03002e 0000 ADD [EAX], AL 0xff030030 0000 ADD [EAX], AL 0xff030032 0000 ADD [EAX], AL 0xff030034 0000 ADD [EAX], AL 0xff030036 0000 ADD [EAX], AL 0xff030038 0000 ADD [EAX], AL 0xff03003a 0000 ADD [EAX], AL 0xff03003c 0000 ADD [EAX], AL 0xff03003e 0000 ADD [EAX], AL Process: chrome.exe Pid: 56964 Address: 0xf000000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x0f000000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 3b fe WV.|$..t$..L$.;. 0x0f000010 0f 84 ac 04 00 00 0f 18 0e 83 f9 08 0f 86 97 04 ................ 0x0f000020 00 00 83 f9 3f 0f 86 23 04 00 00 3b fe 0f 87 c6 ....?..#...;.... 0x0f000030 01 00 00 89 f0 2b c7 83 f8 10 0f 82 25 01 00 00 .....+......%... 0xf000000 57 PUSH EDI 0xf000001 56 PUSH ESI 0xf000002 8b7c240c MOV EDI, [ESP+0xc] 0xf000006 8b742410 MOV ESI, [ESP+0x10] 0xf00000a 8b4c2414 MOV ECX, [ESP+0x14] 0xf00000e 3bfe CMP EDI, ESI 0xf000010 0f84ac040000 JZ 0xf0004c2 0xf000016 0f180e PREFETCHT0 [ESI] 0xf000019 83f908 CMP ECX, 0x8 0xf00001c 0f8697040000 JBE 0xf0004b9 0xf000022 83f93f CMP ECX, 0x3f 0xf000025 0f8623040000 JBE 0xf00044e 0xf00002b 3bfe CMP EDI, ESI 0xf00002d 0f87c6010000 JA 0xf0001f9 0xf000033 89f0 MOV EAX, ESI 0xf000035 2bc7 SUB EAX, EDI 0xf000037 83f810 CMP EAX, 0x10 0xf00003a 0f8225010000 JB 0xf000165 Process: chrome.exe Pid: 56964 Address: 0x6fff0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x6fff0000 64 74 72 52 00 00 00 00 a0 01 ff 6f 00 00 00 00 dtrR.......o.... 0x6fff0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0000 647472 JZ 0x6fff0075 0x6fff0003 52 PUSH EDX 0x6fff0004 0000 ADD [EAX], AL 0x6fff0006 0000 ADD [EAX], AL 0x6fff0008 a001ff6f00 MOV AL, [0x6fff01] 0x6fff000d 0000 ADD [EAX], AL 0x6fff000f 0000 ADD [EAX], AL 0x6fff0011 0000 ADD [EAX], AL 0x6fff0013 0000 ADD [EAX], AL 0x6fff0015 0000 ADD [EAX], AL 0x6fff0017 0000 ADD [EAX], AL 0x6fff0019 0000 ADD [EAX], AL 0x6fff001b 0000 ADD [EAX], AL 0x6fff001d 0000 ADD [EAX], AL 0x6fff001f 0000 ADD [EAX], AL 0x6fff0021 0000 ADD [EAX], AL 0x6fff0023 0000 ADD [EAX], AL 0x6fff0025 0000 ADD [EAX], AL 0x6fff0027 0000 ADD [EAX], AL 0x6fff0029 0000 ADD [EAX], AL 0x6fff002b 0000 ADD [EAX], AL 0x6fff002d 0000 ADD [EAX], AL 0x6fff002f 0000 ADD [EAX], AL 0x6fff0031 0000 ADD [EAX], AL 0x6fff0033 0000 ADD [EAX], AL 0x6fff0035 0000 ADD [EAX], AL 0x6fff0037 0000 ADD [EAX], AL 0x6fff0039 0000 ADD [EAX], AL 0x6fff003b 0000 ADD [EAX], AL 0x6fff003d 0000 ADD [EAX], AL 0x6fff003f 00 DB 0x0 Process: chrome.exe Pid: 33292 Address: 0x15b00000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x15b00000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 3b fe WV.|$..t$..L$.;. 0x15b00010 0f 84 ac 04 00 00 0f 18 0e 83 f9 08 0f 86 97 04 ................ 0x15b00020 00 00 83 f9 3f 0f 86 23 04 00 00 3b fe 0f 87 c6 ....?..#...;.... 0x15b00030 01 00 00 89 f0 2b c7 83 f8 10 0f 82 25 01 00 00 .....+......%... 0x15b00000 57 PUSH EDI 0x15b00001 56 PUSH ESI 0x15b00002 8b7c240c MOV EDI, [ESP+0xc] 0x15b00006 8b742410 MOV ESI, [ESP+0x10] 0x15b0000a 8b4c2414 MOV ECX, [ESP+0x14] 0x15b0000e 3bfe CMP EDI, ESI 0x15b00010 0f84ac040000 JZ 0x15b004c2 0x15b00016 0f180e PREFETCHT0 [ESI] 0x15b00019 83f908 CMP ECX, 0x8 0x15b0001c 0f8697040000 JBE 0x15b004b9 0x15b00022 83f93f CMP ECX, 0x3f 0x15b00025 0f8623040000 JBE 0x15b0044e 0x15b0002b 3bfe CMP EDI, ESI 0x15b0002d 0f87c6010000 JA 0x15b001f9 0x15b00033 89f0 MOV EAX, ESI 0x15b00035 2bc7 SUB EAX, EDI 0x15b00037 83f810 CMP EAX, 0x10 0x15b0003a 0f8225010000 JB 0x15b00165 Process: chrome.exe Pid: 60916 Address: 0x2d400000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x2d400000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 3b fe WV.|$..t$..L$.;. 0x2d400010 0f 84 ac 04 00 00 0f 18 0e 83 f9 08 0f 86 97 04 ................ 0x2d400020 00 00 83 f9 3f 0f 86 23 04 00 00 3b fe 0f 87 c6 ....?..#...;.... 0x2d400030 01 00 00 89 f0 2b c7 83 f8 10 0f 82 25 01 00 00 .....+......%... 0x2d400000 57 PUSH EDI 0x2d400001 56 PUSH ESI 0x2d400002 8b7c240c MOV EDI, [ESP+0xc] 0x2d400006 8b742410 MOV ESI, [ESP+0x10] 0x2d40000a 8b4c2414 MOV ECX, [ESP+0x14] 0x2d40000e 3bfe CMP EDI, ESI 0x2d400010 0f84ac040000 JZ 0x2d4004c2 0x2d400016 0f180e PREFETCHT0 [ESI] 0x2d400019 83f908 CMP ECX, 0x8 0x2d40001c 0f8697040000 JBE 0x2d4004b9 0x2d400022 83f93f CMP ECX, 0x3f 0x2d400025 0f8623040000 JBE 0x2d40044e 0x2d40002b 3bfe CMP EDI, ESI 0x2d40002d 0f87c6010000 JA 0x2d4001f9 0x2d400033 89f0 MOV EAX, ESI 0x2d400035 2bc7 SUB EAX, EDI 0x2d400037 83f810 CMP EAX, 0x10 0x2d40003a 0f8225010000 JB 0x2d400165 Process: chrome.exe Pid: 60916 Address: 0x6fff0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x6fff0000 64 74 72 52 00 00 00 00 a0 01 ff 6f 00 00 00 00 dtrR.......o.... 0x6fff0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0000 647472 JZ 0x6fff0075 0x6fff0003 52 PUSH EDX 0x6fff0004 0000 ADD [EAX], AL 0x6fff0006 0000 ADD [EAX], AL 0x6fff0008 a001ff6f00 MOV AL, [0x6fff01] 0x6fff000d 0000 ADD [EAX], AL 0x6fff000f 0000 ADD [EAX], AL 0x6fff0011 0000 ADD [EAX], AL 0x6fff0013 0000 ADD [EAX], AL 0x6fff0015 0000 ADD [EAX], AL 0x6fff0017 0000 ADD [EAX], AL 0x6fff0019 0000 ADD [EAX], AL 0x6fff001b 0000 ADD [EAX], AL 0x6fff001d 0000 ADD [EAX], AL 0x6fff001f 0000 ADD [EAX], AL 0x6fff0021 0000 ADD [EAX], AL 0x6fff0023 0000 ADD [EAX], AL 0x6fff0025 0000 ADD [EAX], AL 0x6fff0027 0000 ADD [EAX], AL 0x6fff0029 0000 ADD [EAX], AL 0x6fff002b 0000 ADD [EAX], AL 0x6fff002d 0000 ADD [EAX], AL 0x6fff002f 0000 ADD [EAX], AL 0x6fff0031 0000 ADD [EAX], AL 0x6fff0033 0000 ADD [EAX], AL 0x6fff0035 0000 ADD [EAX], AL 0x6fff0037 0000 ADD [EAX], AL 0x6fff0039 0000 ADD [EAX], AL 0x6fff003b 0000 ADD [EAX], AL 0x6fff003d 0000 ADD [EAX], AL 0x6fff003f 00 DB 0x0 Process: chrome.exe Pid: 62244 Address: 0x7900000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x07900000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 3b fe WV.|$..t$..L$.;. 0x07900010 0f 84 ac 04 00 00 0f 18 0e 83 f9 08 0f 86 97 04 ................ 0x07900020 00 00 83 f9 3f 0f 86 23 04 00 00 3b fe 0f 87 c6 ....?..#...;.... 0x07900030 01 00 00 89 f0 2b c7 83 f8 10 0f 82 25 01 00 00 .....+......%... 0x7900000 57 PUSH EDI 0x7900001 56 PUSH ESI 0x7900002 8b7c240c MOV EDI, [ESP+0xc] 0x7900006 8b742410 MOV ESI, [ESP+0x10] 0x790000a 8b4c2414 MOV ECX, [ESP+0x14] 0x790000e 3bfe CMP EDI, ESI 0x7900010 0f84ac040000 JZ 0x79004c2 0x7900016 0f180e PREFETCHT0 [ESI] 0x7900019 83f908 CMP ECX, 0x8 0x790001c 0f8697040000 JBE 0x79004b9 0x7900022 83f93f CMP ECX, 0x3f 0x7900025 0f8623040000 JBE 0x790044e 0x790002b 3bfe CMP EDI, ESI 0x790002d 0f87c6010000 JA 0x79001f9 0x7900033 89f0 MOV EAX, ESI 0x7900035 2bc7 SUB EAX, EDI 0x7900037 83f810 CMP EAX, 0x10 0x790003a 0f8225010000 JB 0x7900165 Process: chrome.exe Pid: 62244 Address: 0x6fff0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x6fff0000 64 74 72 52 00 00 00 00 a0 01 ff 6f 00 00 00 00 dtrR.......o.... 0x6fff0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0000 647472 JZ 0x6fff0075 0x6fff0003 52 PUSH EDX 0x6fff0004 0000 ADD [EAX], AL 0x6fff0006 0000 ADD [EAX], AL 0x6fff0008 a001ff6f00 MOV AL, [0x6fff01] 0x6fff000d 0000 ADD [EAX], AL 0x6fff000f 0000 ADD [EAX], AL 0x6fff0011 0000 ADD [EAX], AL 0x6fff0013 0000 ADD [EAX], AL 0x6fff0015 0000 ADD [EAX], AL 0x6fff0017 0000 ADD [EAX], AL 0x6fff0019 0000 ADD [EAX], AL 0x6fff001b 0000 ADD [EAX], AL 0x6fff001d 0000 ADD [EAX], AL 0x6fff001f 0000 ADD [EAX], AL 0x6fff0021 0000 ADD [EAX], AL 0x6fff0023 0000 ADD [EAX], AL 0x6fff0025 0000 ADD [EAX], AL 0x6fff0027 0000 ADD [EAX], AL 0x6fff0029 0000 ADD [EAX], AL 0x6fff002b 0000 ADD [EAX], AL 0x6fff002d 0000 ADD [EAX], AL 0x6fff002f 0000 ADD [EAX], AL 0x6fff0031 0000 ADD [EAX], AL 0x6fff0033 0000 ADD [EAX], AL 0x6fff0035 0000 ADD [EAX], AL 0x6fff0037 0000 ADD [EAX], AL 0x6fff0039 0000 ADD [EAX], AL 0x6fff003b 0000 ADD [EAX], AL 0x6fff003d 0000 ADD [EAX], AL 0x6fff003f 00 DB 0x0 Process: chrome.exe Pid: 61236 Address: 0x14400000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x14400000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 3b fe WV.|$..t$..L$.;. 0x14400010 0f 84 ac 04 00 00 0f 18 0e 83 f9 08 0f 86 97 04 ................ 0x14400020 00 00 83 f9 3f 0f 86 23 04 00 00 3b fe 0f 87 c6 ....?..#...;.... 0x14400030 01 00 00 89 f0 2b c7 83 f8 10 0f 82 25 01 00 00 .....+......%... 0x14400000 57 PUSH EDI 0x14400001 56 PUSH ESI 0x14400002 8b7c240c MOV EDI, [ESP+0xc] 0x14400006 8b742410 MOV ESI, [ESP+0x10] 0x1440000a 8b4c2414 MOV ECX, [ESP+0x14] 0x1440000e 3bfe CMP EDI, ESI 0x14400010 0f84ac040000 JZ 0x144004c2 0x14400016 0f180e PREFETCHT0 [ESI] 0x14400019 83f908 CMP ECX, 0x8 0x1440001c 0f8697040000 JBE 0x144004b9 0x14400022 83f93f CMP ECX, 0x3f 0x14400025 0f8623040000 JBE 0x1440044e 0x1440002b 3bfe CMP EDI, ESI 0x1440002d 0f87c6010000 JA 0x144001f9 0x14400033 89f0 MOV EAX, ESI 0x14400035 2bc7 SUB EAX, EDI 0x14400037 83f810 CMP EAX, 0x10 0x1440003a 0f8225010000 JB 0x14400165 Process: chrome.exe Pid: 61236 Address: 0x6fff0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x6fff0000 64 74 72 52 00 00 00 00 a0 01 ff 6f 00 00 00 00 dtrR.......o.... 0x6fff0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0000 647472 JZ 0x6fff0075 0x6fff0003 52 PUSH EDX 0x6fff0004 0000 ADD [EAX], AL 0x6fff0006 0000 ADD [EAX], AL 0x6fff0008 a001ff6f00 MOV AL, [0x6fff01] 0x6fff000d 0000 ADD [EAX], AL 0x6fff000f 0000 ADD [EAX], AL 0x6fff0011 0000 ADD [EAX], AL 0x6fff0013 0000 ADD [EAX], AL 0x6fff0015 0000 ADD [EAX], AL 0x6fff0017 0000 ADD [EAX], AL 0x6fff0019 0000 ADD [EAX], AL 0x6fff001b 0000 ADD [EAX], AL 0x6fff001d 0000 ADD [EAX], AL 0x6fff001f 0000 ADD [EAX], AL 0x6fff0021 0000 ADD [EAX], AL 0x6fff0023 0000 ADD [EAX], AL 0x6fff0025 0000 ADD [EAX], AL 0x6fff0027 0000 ADD [EAX], AL 0x6fff0029 0000 ADD [EAX], AL 0x6fff002b 0000 ADD [EAX], AL 0x6fff002d 0000 ADD [EAX], AL 0x6fff002f 0000 ADD [EAX], AL 0x6fff0031 0000 ADD [EAX], AL 0x6fff0033 0000 ADD [EAX], AL 0x6fff0035 0000 ADD [EAX], AL 0x6fff0037 0000 ADD [EAX], AL 0x6fff0039 0000 ADD [EAX], AL 0x6fff003b 0000 ADD [EAX], AL 0x6fff003d 0000 ADD [EAX], AL 0x6fff003f 00 DB 0x0 Process: OneDrive.exe Pid: 61028 Address: 0x3d0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x003d0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x003d0010 00 00 3d 00 00 00 00 00 00 00 00 00 00 00 00 00 ..=............. 0x003d0020 10 00 3d 00 00 00 00 00 00 00 00 00 00 00 00 00 ..=............. 0x003d0030 20 00 3d 00 00 00 00 00 00 00 00 00 00 00 00 00 ..=............. 0x3d0000 0000 ADD [EAX], AL 0x3d0002 0000 ADD [EAX], AL 0x3d0004 0000 ADD [EAX], AL 0x3d0006 0000 ADD [EAX], AL 0x3d0008 0000 ADD [EAX], AL 0x3d000a 0000 ADD [EAX], AL 0x3d000c 0000 ADD [EAX], AL 0x3d000e 0000 ADD [EAX], AL 0x3d0010 0000 ADD [EAX], AL 0x3d0012 3d00000000 CMP EAX, 0x0 0x3d0017 0000 ADD [EAX], AL 0x3d0019 0000 ADD [EAX], AL 0x3d001b 0000 ADD [EAX], AL 0x3d001d 0000 ADD [EAX], AL 0x3d001f 0010 ADD [EAX], DL 0x3d0021 003d00000000 ADD [0x0], BH 0x3d0027 0000 ADD [EAX], AL 0x3d0029 0000 ADD [EAX], AL 0x3d002b 0000 ADD [EAX], AL 0x3d002d 0000 ADD [EAX], AL 0x3d002f 0020 ADD [EAX], AH 0x3d0031 003d00000000 ADD [0x0], BH 0x3d0037 0000 ADD [EAX], AL 0x3d0039 0000 ADD [EAX], AL 0x3d003b 0000 ADD [EAX], AL 0x3d003d 0000 ADD [EAX], AL 0x3d003f 00 DB 0x0 Process: CSISYN~1.EXE Pid: 60640 Address: 0x7febf190000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x7febf190000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x7febf190010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x7febf190020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x7febf190030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0xbf190000 0000 ADD [EAX], AL 0xbf190002 0000 ADD [EAX], AL 0xbf190004 0000 ADD [EAX], AL 0xbf190006 0000 ADD [EAX], AL 0xbf190008 0000 ADD [EAX], AL 0xbf19000a 0000 ADD [EAX], AL 0xbf19000c 0000 ADD [EAX], AL 0xbf19000e 0000 ADD [EAX], AL 0xbf190010 0000 ADD [EAX], AL 0xbf190012 0000 ADD [EAX], AL 0xbf190014 0000 ADD [EAX], AL 0xbf190016 0000 ADD [EAX], AL 0xbf190018 0000 ADD [EAX], AL 0xbf19001a 0000 ADD [EAX], AL 0xbf19001c 0000 ADD [EAX], AL 0xbf19001e 0000 ADD [EAX], AL 0xbf190020 0000 ADD [EAX], AL 0xbf190022 0000 ADD [EAX], AL 0xbf190024 0000 ADD [EAX], AL 0xbf190026 0000 ADD [EAX], AL 0xbf190028 0000 ADD [EAX], AL 0xbf19002a 0000 ADD [EAX], AL 0xbf19002c 0000 ADD [EAX], AL 0xbf19002e 0000 ADD [EAX], AL 0xbf190030 0000 ADD [EAX], AL 0xbf190032 0000 ADD [EAX], AL 0xbf190034 0000 ADD [EAX], AL 0xbf190036 0000 ADD [EAX], AL 0xbf190038 0000 ADD [EAX], AL 0xbf19003a 0000 ADD [EAX], AL 0xbf19003c 0000 ADD [EAX], AL 0xbf19003e 0000 ADD [EAX], AL Process: OUTLOOK.EXE Pid: 60088 Address: 0x2a6c0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 11, PrivateMemory: 1, Protection: 6 0x2a6c0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x2a6c0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x2a6c0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x2a6c0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x2a6c0000 0000 ADD [EAX], AL 0x2a6c0002 0000 ADD [EAX], AL 0x2a6c0004 0000 ADD [EAX], AL 0x2a6c0006 0000 ADD [EAX], AL 0x2a6c0008 0000 ADD [EAX], AL 0x2a6c000a 0000 ADD [EAX], AL 0x2a6c000c 0000 ADD [EAX], AL 0x2a6c000e 0000 ADD [EAX], AL 0x2a6c0010 0000 ADD [EAX], AL 0x2a6c0012 0000 ADD [EAX], AL 0x2a6c0014 0000 ADD [EAX], AL 0x2a6c0016 0000 ADD [EAX], AL 0x2a6c0018 0000 ADD [EAX], AL 0x2a6c001a 0000 ADD [EAX], AL 0x2a6c001c 0000 ADD [EAX], AL 0x2a6c001e 0000 ADD [EAX], AL 0x2a6c0020 0000 ADD [EAX], AL 0x2a6c0022 0000 ADD [EAX], AL 0x2a6c0024 0000 ADD [EAX], AL 0x2a6c0026 0000 ADD [EAX], AL 0x2a6c0028 0000 ADD [EAX], AL 0x2a6c002a 0000 ADD [EAX], AL 0x2a6c002c 0000 ADD [EAX], AL 0x2a6c002e 0000 ADD [EAX], AL 0x2a6c0030 0000 ADD [EAX], AL 0x2a6c0032 0000 ADD [EAX], AL 0x2a6c0034 0000 ADD [EAX], AL 0x2a6c0036 0000 ADD [EAX], AL 0x2a6c0038 0000 ADD [EAX], AL 0x2a6c003a 0000 ADD [EAX], AL 0x2a6c003c 0000 ADD [EAX], AL 0x2a6c003e 0000 ADD [EAX], AL Process: OUTLOOK.EXE Pid: 60088 Address: 0x36f00000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x36f00000 64 74 72 52 00 00 00 00 00 00 00 00 00 00 00 00 dtrR............ 0x36f00010 a0 02 f0 36 00 00 00 00 00 00 00 00 00 00 00 00 ...6............ 0x36f00020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x36f00030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x36f00000 647472 JZ 0x36f00075 0x36f00003 52 PUSH EDX 0x36f00004 0000 ADD [EAX], AL 0x36f00006 0000 ADD [EAX], AL 0x36f00008 0000 ADD [EAX], AL 0x36f0000a 0000 ADD [EAX], AL 0x36f0000c 0000 ADD [EAX], AL 0x36f0000e 0000 ADD [EAX], AL 0x36f00010 a002f03600 MOV AL, [0x36f002] 0x36f00015 0000 ADD [EAX], AL 0x36f00017 0000 ADD [EAX], AL 0x36f00019 0000 ADD [EAX], AL 0x36f0001b 0000 ADD [EAX], AL 0x36f0001d 0000 ADD [EAX], AL 0x36f0001f 0000 ADD [EAX], AL 0x36f00021 0000 ADD [EAX], AL 0x36f00023 0000 ADD [EAX], AL 0x36f00025 0000 ADD [EAX], AL 0x36f00027 0000 ADD [EAX], AL 0x36f00029 0000 ADD [EAX], AL 0x36f0002b 0000 ADD [EAX], AL 0x36f0002d 0000 ADD [EAX], AL 0x36f0002f 0000 ADD [EAX], AL 0x36f00031 0000 ADD [EAX], AL 0x36f00033 0000 ADD [EAX], AL 0x36f00035 0000 ADD [EAX], AL 0x36f00037 0000 ADD [EAX], AL 0x36f00039 0000 ADD [EAX], AL 0x36f0003b 0000 ADD [EAX], AL 0x36f0003d 0000 ADD [EAX], AL 0x36f0003f 00 DB 0x0 Process: OUTLOOK.EXE Pid: 60088 Address: 0x6fff0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x6fff0000 64 74 72 52 00 00 00 00 00 00 03 ff fe 07 00 00 dtrR............ 0x6fff0010 f8 01 ff 6f 00 00 00 00 00 00 00 00 00 00 00 00 ...o............ 0x6fff0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0000 647472 JZ 0x6fff0075 0x6fff0003 52 PUSH EDX 0x6fff0004 0000 ADD [EAX], AL 0x6fff0006 0000 ADD [EAX], AL 0x6fff0008 0000 ADD [EAX], AL 0x6fff000a 03ff ADD EDI, EDI 0x6fff000c fe07 INC BYTE [EDI] 0x6fff000e 0000 ADD [EAX], AL 0x6fff0010 f8 CLC 0x6fff0011 01ff ADD EDI, EDI 0x6fff0013 6f OUTS DX, DWORD [ESI] 0x6fff0014 0000 ADD [EAX], AL 0x6fff0016 0000 ADD [EAX], AL 0x6fff0018 0000 ADD [EAX], AL 0x6fff001a 0000 ADD [EAX], AL 0x6fff001c 0000 ADD [EAX], AL 0x6fff001e 0000 ADD [EAX], AL 0x6fff0020 0000 ADD [EAX], AL 0x6fff0022 0000 ADD [EAX], AL 0x6fff0024 0000 ADD [EAX], AL 0x6fff0026 0000 ADD [EAX], AL 0x6fff0028 0000 ADD [EAX], AL 0x6fff002a 0000 ADD [EAX], AL 0x6fff002c 0000 ADD [EAX], AL 0x6fff002e 0000 ADD [EAX], AL 0x6fff0030 0000 ADD [EAX], AL 0x6fff0032 0000 ADD [EAX], AL 0x6fff0034 0000 ADD [EAX], AL 0x6fff0036 0000 ADD [EAX], AL 0x6fff0038 0000 ADD [EAX], AL 0x6fff003a 0000 ADD [EAX], AL 0x6fff003c 0000 ADD [EAX], AL 0x6fff003e 0000 ADD [EAX], AL Process: OUTLOOK.EXE Pid: 60088 Address: 0x7febf190000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x7febf190000 64 74 72 52 00 00 00 00 00 00 f0 36 00 00 00 00 dtrR.......6.... 0x7febf190010 60 03 19 bf fe 07 00 00 00 00 00 00 00 00 00 00 `............... 0x7febf190020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x7febf190030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0xbf190000 647472 JZ 0xbf190075 0xbf190003 52 PUSH EDX 0xbf190004 0000 ADD [EAX], AL 0xbf190006 0000 ADD [EAX], AL 0xbf190008 0000 ADD [EAX], AL 0xbf19000a f0360000 LOCK ADD [SS:EAX], AL 0xbf19000e 0000 ADD [EAX], AL 0xbf190010 60 PUSHA 0xbf190011 0319 ADD EBX, [ECX] 0xbf190013 bffe070000 MOV EDI, 0x7fe 0xbf190018 0000 ADD [EAX], AL 0xbf19001a 0000 ADD [EAX], AL 0xbf19001c 0000 ADD [EAX], AL 0xbf19001e 0000 ADD [EAX], AL 0xbf190020 0000 ADD [EAX], AL 0xbf190022 0000 ADD [EAX], AL 0xbf190024 0000 ADD [EAX], AL 0xbf190026 0000 ADD [EAX], AL 0xbf190028 0000 ADD [EAX], AL 0xbf19002a 0000 ADD [EAX], AL 0xbf19002c 0000 ADD [EAX], AL 0xbf19002e 0000 ADD [EAX], AL 0xbf190030 0000 ADD [EAX], AL 0xbf190032 0000 ADD [EAX], AL 0xbf190034 0000 ADD [EAX], AL 0xbf190036 0000 ADD [EAX], AL 0xbf190038 0000 ADD [EAX], AL 0xbf19003a 0000 ADD [EAX], AL 0xbf19003c 0000 ADD [EAX], AL 0xbf19003e 0000 ADD [EAX], AL Process: OUTLOOK.EXE Pid: 60088 Address: 0x7feff030000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x7feff030000 64 74 72 52 00 00 00 00 00 00 00 00 00 00 00 00 dtrR............ 0x7feff030010 c0 01 03 ff fe 07 00 00 00 00 00 00 00 00 00 00 ................ 0x7feff030020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x7feff030030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0xff030000 647472 JZ 0xff030075 0xff030003 52 PUSH EDX 0xff030004 0000 ADD [EAX], AL 0xff030006 0000 ADD [EAX], AL 0xff030008 0000 ADD [EAX], AL 0xff03000a 0000 ADD [EAX], AL 0xff03000c 0000 ADD [EAX], AL 0xff03000e 0000 ADD [EAX], AL 0xff030010 c00103 ROL BYTE [ECX], 0x3 0xff030013 ff DB 0xff 0xff030014 fe07 INC BYTE [EDI] 0xff030016 0000 ADD [EAX], AL 0xff030018 0000 ADD [EAX], AL 0xff03001a 0000 ADD [EAX], AL 0xff03001c 0000 ADD [EAX], AL 0xff03001e 0000 ADD [EAX], AL 0xff030020 0000 ADD [EAX], AL 0xff030022 0000 ADD [EAX], AL 0xff030024 0000 ADD [EAX], AL 0xff030026 0000 ADD [EAX], AL 0xff030028 0000 ADD [EAX], AL 0xff03002a 0000 ADD [EAX], AL 0xff03002c 0000 ADD [EAX], AL 0xff03002e 0000 ADD [EAX], AL 0xff030030 0000 ADD [EAX], AL 0xff030032 0000 ADD [EAX], AL 0xff030034 0000 ADD [EAX], AL 0xff030036 0000 ADD [EAX], AL 0xff030038 0000 ADD [EAX], AL 0xff03003a 0000 ADD [EAX], AL 0xff03003c 0000 ADD [EAX], AL 0xff03003e 0000 ADD [EAX], AL Process: OUTLOOK.EXE Pid: 60088 Address: 0x7ff3e310000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 10, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x7ff3e310000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x7ff3e310010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x7ff3e310020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x7ff3e310030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x3e310000 0000 ADD [EAX], AL 0x3e310002 0000 ADD [EAX], AL 0x3e310004 0000 ADD [EAX], AL 0x3e310006 0000 ADD [EAX], AL 0x3e310008 0000 ADD [EAX], AL 0x3e31000a 0000 ADD [EAX], AL 0x3e31000c 0000 ADD [EAX], AL 0x3e31000e 0000 ADD [EAX], AL 0x3e310010 0000 ADD [EAX], AL 0x3e310012 0000 ADD [EAX], AL 0x3e310014 0000 ADD [EAX], AL 0x3e310016 0000 ADD [EAX], AL 0x3e310018 0000 ADD [EAX], AL 0x3e31001a 0000 ADD [EAX], AL 0x3e31001c 0000 ADD [EAX], AL 0x3e31001e 0000 ADD [EAX], AL 0x3e310020 0000 ADD [EAX], AL 0x3e310022 0000 ADD [EAX], AL 0x3e310024 0000 ADD [EAX], AL 0x3e310026 0000 ADD [EAX], AL 0x3e310028 0000 ADD [EAX], AL 0x3e31002a 0000 ADD [EAX], AL 0x3e31002c 0000 ADD [EAX], AL 0x3e31002e 0000 ADD [EAX], AL 0x3e310030 0000 ADD [EAX], AL 0x3e310032 0000 ADD [EAX], AL 0x3e310034 0000 ADD [EAX], AL 0x3e310036 0000 ADD [EAX], AL 0x3e310038 0000 ADD [EAX], AL 0x3e31003a 0000 ADD [EAX], AL 0x3e31003c 0000 ADD [EAX], AL 0x3e31003e 0000 ADD [EAX], AL Process: AppleIEDAV.exe Pid: 66964 Address: 0x160000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x00160000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00160010 00 00 16 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00160020 10 00 16 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00160030 20 00 16 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x160000 0000 ADD [EAX], AL 0x160002 0000 ADD [EAX], AL 0x160004 0000 ADD [EAX], AL 0x160006 0000 ADD [EAX], AL 0x160008 0000 ADD [EAX], AL 0x16000a 0000 ADD [EAX], AL 0x16000c 0000 ADD [EAX], AL 0x16000e 0000 ADD [EAX], AL 0x160010 0000 ADD [EAX], AL 0x160012 16 PUSH SS 0x160013 0000 ADD [EAX], AL 0x160015 0000 ADD [EAX], AL 0x160017 0000 ADD [EAX], AL 0x160019 0000 ADD [EAX], AL 0x16001b 0000 ADD [EAX], AL 0x16001d 0000 ADD [EAX], AL 0x16001f 0010 ADD [EAX], DL 0x160021 0016 ADD [ESI], DL 0x160023 0000 ADD [EAX], AL 0x160025 0000 ADD [EAX], AL 0x160027 0000 ADD [EAX], AL 0x160029 0000 ADD [EAX], AL 0x16002b 0000 ADD [EAX], AL 0x16002d 0000 ADD [EAX], AL 0x16002f 0020 ADD [EAX], AH 0x160031 0016 ADD [ESI], DL 0x160033 0000 ADD [EAX], AL 0x160035 0000 ADD [EAX], AL 0x160037 0000 ADD [EAX], AL 0x160039 0000 ADD [EAX], AL 0x16003b 0000 ADD [EAX], AL 0x16003d 0000 ADD [EAX], AL 0x16003f 00 DB 0x0 Process: VISIO.EXE Pid: 68696 Address: 0x3a30000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 2, PrivateMemory: 1, Protection: 6 0x03a30000 00 00 00 00 00 00 00 00 60 c2 58 e0 53 84 00 01 ........`.X.S... 0x03a30010 ee ff ee ff 00 00 00 00 28 01 a3 03 00 00 00 00 ........(....... 0x03a30020 28 01 a3 03 00 00 00 00 00 00 a3 03 00 00 00 00 (............... 0x03a30030 00 00 a3 03 00 00 00 00 80 00 00 00 00 00 00 00 ................ 0x3a30000 0000 ADD [EAX], AL 0x3a30002 0000 ADD [EAX], AL 0x3a30004 0000 ADD [EAX], AL 0x3a30006 0000 ADD [EAX], AL 0x3a30008 60 PUSHA 0x3a30009 c258e0 RET 0xe058 0x3a3000c 53 PUSH EBX 0x3a3000d 8400 TEST [EAX], AL 0x3a3000f 01ee ADD ESI, EBP 0x3a30011 ff DB 0xff 0x3a30012 ee OUT DX, AL 0x3a30013 ff00 INC DWORD [EAX] 0x3a30015 0000 ADD [EAX], AL 0x3a30017 0028 ADD [EAX], CH 0x3a30019 01a303000000 ADD [EBX+0x3], ESP 0x3a3001f 0028 ADD [EAX], CH 0x3a30021 01a303000000 ADD [EBX+0x3], ESP 0x3a30027 0000 ADD [EAX], AL 0x3a30029 00a303000000 ADD [EBX+0x3], AH 0x3a3002f 0000 ADD [EAX], AL 0x3a30031 00a303000000 ADD [EBX+0x3], AH 0x3a30037 008000000000 ADD [EAX+0x0], AL 0x3a3003d 0000 ADD [EAX], AL 0x3a3003f 00 DB 0x0 Process: VISIO.EXE Pid: 68696 Address: 0x7feff030000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x7feff030000 64 74 72 52 00 00 00 00 00 00 00 00 00 00 00 00 dtrR............ 0x7feff030010 c0 01 03 ff fe 07 00 00 00 00 00 00 00 00 00 00 ................ 0x7feff030020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x7feff030030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0xff030000 647472 JZ 0xff030075 0xff030003 52 PUSH EDX 0xff030004 0000 ADD [EAX], AL 0xff030006 0000 ADD [EAX], AL 0xff030008 0000 ADD [EAX], AL 0xff03000a 0000 ADD [EAX], AL 0xff03000c 0000 ADD [EAX], AL 0xff03000e 0000 ADD [EAX], AL 0xff030010 c00103 ROL BYTE [ECX], 0x3 0xff030013 ff DB 0xff 0xff030014 fe07 INC BYTE [EDI] 0xff030016 0000 ADD [EAX], AL 0xff030018 0000 ADD [EAX], AL 0xff03001a 0000 ADD [EAX], AL 0xff03001c 0000 ADD [EAX], AL 0xff03001e 0000 ADD [EAX], AL 0xff030020 0000 ADD [EAX], AL 0xff030022 0000 ADD [EAX], AL 0xff030024 0000 ADD [EAX], AL 0xff030026 0000 ADD [EAX], AL 0xff030028 0000 ADD [EAX], AL 0xff03002a 0000 ADD [EAX], AL 0xff03002c 0000 ADD [EAX], AL 0xff03002e 0000 ADD [EAX], AL 0xff030030 0000 ADD [EAX], AL 0xff030032 0000 ADD [EAX], AL 0xff030034 0000 ADD [EAX], AL 0xff030036 0000 ADD [EAX], AL 0xff030038 0000 ADD [EAX], AL 0xff03003a 0000 ADD [EAX], AL 0xff03003c 0000 ADD [EAX], AL 0xff03003e 0000 ADD [EAX], AL Process: chrome.exe Pid: 65948 Address: 0x34d00000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x34d00000 f2 0f 10 44 24 04 f2 0f 51 c0 f2 0f 11 44 24 04 ...D$...Q....D$. 0x34d00010 dd 44 24 04 c3 00 00 00 00 00 00 00 00 00 00 00 .D$............. 0x34d00020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x34d00030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x34d00000 f20f10442404 MOVSD XMM0, [ESP+0x4] 0x34d00006 f20f51c0 SQRTSD XMM0, XMM0 0x34d0000a f20f11442404 MOVSD [ESP+0x4], XMM0 0x34d00010 dd442404 FLD QWORD [ESP+0x4] 0x34d00014 c3 RET 0x34d00015 0000 ADD [EAX], AL 0x34d00017 0000 ADD [EAX], AL 0x34d00019 0000 ADD [EAX], AL 0x34d0001b 0000 ADD [EAX], AL 0x34d0001d 0000 ADD [EAX], AL 0x34d0001f 0000 ADD [EAX], AL 0x34d00021 0000 ADD [EAX], AL 0x34d00023 0000 ADD [EAX], AL 0x34d00025 0000 ADD [EAX], AL 0x34d00027 0000 ADD [EAX], AL 0x34d00029 0000 ADD [EAX], AL 0x34d0002b 0000 ADD [EAX], AL 0x34d0002d 0000 ADD [EAX], AL 0x34d0002f 0000 ADD [EAX], AL 0x34d00031 0000 ADD [EAX], AL 0x34d00033 0000 ADD [EAX], AL 0x34d00035 0000 ADD [EAX], AL 0x34d00037 0000 ADD [EAX], AL 0x34d00039 0000 ADD [EAX], AL 0x34d0003b 0000 ADD [EAX], AL 0x34d0003d 0000 ADD [EAX], AL 0x34d0003f 00 DB 0x0 Process: chrome.exe Pid: 65948 Address: 0x3f200000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x3f200000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 3b fe WV.|$..t$..L$.;. 0x3f200010 0f 84 ac 04 00 00 0f 18 0e 83 f9 08 0f 86 97 04 ................ 0x3f200020 00 00 83 f9 3f 0f 86 23 04 00 00 3b fe 0f 87 c6 ....?..#...;.... 0x3f200030 01 00 00 89 f0 2b c7 83 f8 10 0f 82 25 01 00 00 .....+......%... 0x3f200000 57 PUSH EDI 0x3f200001 56 PUSH ESI 0x3f200002 8b7c240c MOV EDI, [ESP+0xc] 0x3f200006 8b742410 MOV ESI, [ESP+0x10] 0x3f20000a 8b4c2414 MOV ECX, [ESP+0x14] 0x3f20000e 3bfe CMP EDI, ESI 0x3f200010 0f84ac040000 JZ 0x3f2004c2 0x3f200016 0f180e PREFETCHT0 [ESI] 0x3f200019 83f908 CMP ECX, 0x8 0x3f20001c 0f8697040000 JBE 0x3f2004b9 0x3f200022 83f93f CMP ECX, 0x3f 0x3f200025 0f8623040000 JBE 0x3f20044e 0x3f20002b 3bfe CMP EDI, ESI 0x3f20002d 0f87c6010000 JA 0x3f2001f9 0x3f200033 89f0 MOV EAX, ESI 0x3f200035 2bc7 SUB EAX, EDI 0x3f200037 83f810 CMP EAX, 0x10 0x3f20003a 0f8225010000 JB 0x3f200165 Process: chrome.exe Pid: 65948 Address: 0x6fff0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x6fff0000 64 74 72 52 00 00 00 00 a0 01 ff 6f 00 00 00 00 dtrR.......o.... 0x6fff0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0000 647472 JZ 0x6fff0075 0x6fff0003 52 PUSH EDX 0x6fff0004 0000 ADD [EAX], AL 0x6fff0006 0000 ADD [EAX], AL 0x6fff0008 a001ff6f00 MOV AL, [0x6fff01] 0x6fff000d 0000 ADD [EAX], AL 0x6fff000f 0000 ADD [EAX], AL 0x6fff0011 0000 ADD [EAX], AL 0x6fff0013 0000 ADD [EAX], AL 0x6fff0015 0000 ADD [EAX], AL 0x6fff0017 0000 ADD [EAX], AL 0x6fff0019 0000 ADD [EAX], AL 0x6fff001b 0000 ADD [EAX], AL 0x6fff001d 0000 ADD [EAX], AL 0x6fff001f 0000 ADD [EAX], AL 0x6fff0021 0000 ADD [EAX], AL 0x6fff0023 0000 ADD [EAX], AL 0x6fff0025 0000 ADD [EAX], AL 0x6fff0027 0000 ADD [EAX], AL 0x6fff0029 0000 ADD [EAX], AL 0x6fff002b 0000 ADD [EAX], AL 0x6fff002d 0000 ADD [EAX], AL 0x6fff002f 0000 ADD [EAX], AL 0x6fff0031 0000 ADD [EAX], AL 0x6fff0033 0000 ADD [EAX], AL 0x6fff0035 0000 ADD [EAX], AL 0x6fff0037 0000 ADD [EAX], AL 0x6fff0039 0000 ADD [EAX], AL 0x6fff003b 0000 ADD [EAX], AL 0x6fff003d 0000 ADD [EAX], AL 0x6fff003f 00 DB 0x0 Process: producer-core. Pid: 65556 Address: 0x9c0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, PrivateMemory: 1, Protection: 6 0x009c0000 a2 4c dd 87 e4 2c 00 01 ee ff ee ff 00 00 00 00 .L...,.......... 0x009c0010 a8 00 9c 00 a8 00 9c 00 00 00 9c 00 00 00 9c 00 ................ 0x009c0020 40 00 00 00 88 05 9c 00 00 00 a0 00 3f 00 00 00 @...........?... 0x009c0030 01 00 00 00 00 00 00 00 f0 0f 9c 00 f0 0f 9c 00 ................ 0x9c0000 a24cdd87e4 MOV [0xe487dd4c], AL 0x9c0005 2c00 SUB AL, 0x0 0x9c0007 01ee ADD ESI, EBP 0x9c0009 ff DB 0xff 0x9c000a ee OUT DX, AL 0x9c000b ff00 INC DWORD [EAX] 0x9c000d 0000 ADD [EAX], AL 0x9c000f 00a8009c00a8 ADD [EAX-0x57ff6400], CH 0x9c0015 009c0000009c00 ADD [EAX+EAX+0x9c0000], BL 0x9c001c 0000 ADD [EAX], AL 0x9c001e 9c PUSHF 0x9c001f 004000 ADD [EAX+0x0], AL 0x9c0022 0000 ADD [EAX], AL 0x9c0024 88059c000000 MOV [0x9c], AL 0x9c002a a0003f0000 MOV AL, [0x3f00] 0x9c002f 0001 ADD [ECX], AL 0x9c0031 0000 ADD [EAX], AL 0x9c0033 0000 ADD [EAX], AL 0x9c0035 0000 ADD [EAX], AL 0x9c0037 00f0 ADD AL, DH 0x9c0039 0f9c00 SETL BYTE [EAX] 0x9c003c f00f9c00 SETL BYTE [EAX] Process: producer-core. Pid: 65556 Address: 0x7d0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, PrivateMemory: 1, Protection: 6 0x007d0000 55 2c d2 fc 44 ea 00 01 ee ff ee ff 00 00 00 00 U,..D........... 0x007d0010 a8 00 7d 00 a8 00 7d 00 00 00 7d 00 00 00 7d 00 ..}...}...}...}. 0x007d0020 40 00 00 00 88 05 7d 00 00 00 81 00 3f 00 00 00 @.....}.....?... 0x007d0030 01 00 00 00 00 00 00 00 f0 0f 7d 00 f0 0f 7d 00 ..........}...}. 0x7d0000 55 PUSH EBP 0x7d0001 2cd2 SUB AL, 0xd2 0x7d0003 fc CLD 0x7d0004 44 INC ESP 0x7d0005 ea0001eeffeeff JMP FAR 0xffee:0xffee0100 0x7d000c 0000 ADD [EAX], AL 0x7d000e 0000 ADD [EAX], AL 0x7d0010 a800 TEST AL, 0x0 0x7d0012 7d00 JGE 0x7d0014 0x7d0014 a800 TEST AL, 0x0 0x7d0016 7d00 JGE 0x7d0018 0x7d0018 0000 ADD [EAX], AL 0x7d001a 7d00 JGE 0x7d001c 0x7d001c 0000 ADD [EAX], AL 0x7d001e 7d00 JGE 0x7d0020 0x7d0020 40 INC EAX 0x7d0021 0000 ADD [EAX], AL 0x7d0023 0088057d0000 ADD [EAX+0x7d05], CL 0x7d0029 0081003f0000 ADD [ECX+0x3f00], AL 0x7d002f 0001 ADD [ECX], AL 0x7d0031 0000 ADD [EAX], AL 0x7d0033 0000 ADD [EAX], AL 0x7d0035 0000 ADD [EAX], AL 0x7d0037 00f0 ADD AL, DH 0x7d0039 0f DB 0xf 0x7d003a 7d00 JGE 0x7d003c 0x7d003c f0 DB 0xf0 0x7d003d 0f DB 0xf 0x7d003e 7d00 JGE 0x7d0040 Process: producer-core. Pid: 65556 Address: 0x5360000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 64, PrivateMemory: 1, Protection: 6 0x05360000 3e 54 f5 f7 79 a1 00 01 ee ff ee ff 00 00 00 00 >T..y........... 0x05360010 10 00 89 0d a8 00 36 05 00 00 36 05 00 00 36 05 ......6...6...6. 0x05360020 40 00 00 00 88 05 36 05 00 00 3a 05 00 00 00 00 @.....6...:..... 0x05360030 01 00 00 00 00 00 00 00 f0 ff 39 05 f0 ff 39 05 ..........9...9. 0x5360000 3e54 PUSH ESP 0x5360002 f5 CMC 0x5360003 f779a1 IDIV DWORD [ECX-0x5f] 0x5360006 0001 ADD [ECX], AL 0x5360008 ee OUT DX, AL 0x5360009 ff DB 0xff 0x536000a ee OUT DX, AL 0x536000b ff00 INC DWORD [EAX] 0x536000d 0000 ADD [EAX], AL 0x536000f 0010 ADD [EAX], DL 0x5360011 00890da80036 ADD [ECX+0x3600a80d], CL 0x5360017 0500003605 ADD EAX, 0x5360000 0x536001c 0000 ADD [EAX], AL 0x536001e 360540000000 ADD EAX, 0x40 0x5360024 880536050000 MOV [0x536], AL 0x536002a 3a0500000000 CMP AL, [0x0] 0x5360030 0100 ADD [EAX], EAX 0x5360032 0000 ADD [EAX], AL 0x5360034 0000 ADD [EAX], AL 0x5360036 0000 ADD [EAX], AL 0x5360038 f0 DB 0xf0 0x5360039 ff DB 0xff 0x536003a 3905f0ff3905 CMP [0x539fff0], EAX Process: producer-core. Pid: 65556 Address: 0xd780000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x0d780000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x0d780010 00 00 78 0d 00 00 00 00 00 00 00 00 00 00 00 00 ..x............. 0x0d780020 10 00 78 0d 00 00 00 00 00 00 00 00 00 00 00 00 ..x............. 0x0d780030 20 00 78 0d 00 00 00 00 00 00 00 00 00 00 00 00 ..x............. 0xd780000 0000 ADD [EAX], AL 0xd780002 0000 ADD [EAX], AL 0xd780004 0000 ADD [EAX], AL 0xd780006 0000 ADD [EAX], AL 0xd780008 0000 ADD [EAX], AL 0xd78000a 0000 ADD [EAX], AL 0xd78000c 0000 ADD [EAX], AL 0xd78000e 0000 ADD [EAX], AL 0xd780010 0000 ADD [EAX], AL 0xd780012 780d JS 0xd780021 0xd780014 0000 ADD [EAX], AL 0xd780016 0000 ADD [EAX], AL 0xd780018 0000 ADD [EAX], AL 0xd78001a 0000 ADD [EAX], AL 0xd78001c 0000 ADD [EAX], AL 0xd78001e 0000 ADD [EAX], AL 0xd780020 1000 ADC [EAX], AL 0xd780022 780d JS 0xd780031 0xd780024 0000 ADD [EAX], AL 0xd780026 0000 ADD [EAX], AL 0xd780028 0000 ADD [EAX], AL 0xd78002a 0000 ADD [EAX], AL 0xd78002c 0000 ADD [EAX], AL 0xd78002e 0000 ADD [EAX], AL 0xd780030 2000 AND [EAX], AL 0xd780032 780d JS 0xd780041 0xd780034 0000 ADD [EAX], AL 0xd780036 0000 ADD [EAX], AL 0xd780038 0000 ADD [EAX], AL 0xd78003a 0000 ADD [EAX], AL 0xd78003c 0000 ADD [EAX], AL 0xd78003e 0000 ADD [EAX], AL Process: producer-core. Pid: 65556 Address: 0xd890000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 24, PrivateMemory: 1, Protection: 6 0x0d890000 87 54 f5 4e 79 a1 01 01 ee ff ee ff 00 00 00 00 .T.Ny........... 0x0d890010 a8 00 36 05 10 00 36 05 00 00 36 05 00 00 89 0d ..6...6...6..... 0x0d890020 00 01 00 00 40 00 89 0d 00 00 99 0d e8 00 00 00 ....@........... 0x0d890030 01 00 00 00 00 00 00 00 f0 7f 8a 0d f0 7f 8a 0d ................ 0xd890000 8754f54e XCHG [EBP+ESI*8+0x4e], EDX 0xd890004 79a1 JNS 0xd88ffa7 0xd890006 0101 ADD [ECX], EAX 0xd890008 ee OUT DX, AL 0xd890009 ff DB 0xff 0xd89000a ee OUT DX, AL 0xd89000b ff00 INC DWORD [EAX] 0xd89000d 0000 ADD [EAX], AL 0xd89000f 00a800360510 ADD [EAX+0x10053600], CH 0xd890015 0036 ADD [ESI], DH 0xd890017 0500003605 ADD EAX, 0x5360000 0xd89001c 0000 ADD [EAX], AL 0xd89001e 890d00010000 MOV [0x100], ECX 0xd890024 40 INC EAX 0xd890025 00890d000099 ADD [ECX-0x66fffff3], CL 0xd89002b 0de8000000 OR EAX, 0xe8 0xd890030 0100 ADD [EAX], EAX 0xd890032 0000 ADD [EAX], AL 0xd890034 0000 ADD [EAX], AL 0xd890036 0000 ADD [EAX], AL 0xd890038 f07f8a JG 0xd88ffc5 0xd89003b 0df07f8a0d OR EAX, 0xd8a7ff0 Process: producer-core. Pid: 65556 Address: 0x7ef40000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 2, PrivateMemory: 1, Protection: 6 0x7ef40000 ec ff ff ff 04 00 00 00 01 00 00 00 00 02 0e 03 ................ 0x7ef40010 1c 00 00 00 68 41 98 09 0c 00 00 00 b8 41 ff 6b ....hA.......A.k 0x7ef40020 00 10 bf 6b d0 c7 c4 6b 24 15 bf 6b 28 36 75 00 ...k...k$..k(6u. 0x7ef40030 00 00 00 00 40 80 f4 7e 60 80 f4 7e 00 00 00 00 ....@..~`..~.... 0x7ef40000 ec IN AL, DX 0x7ef40001 ff DB 0xff 0x7ef40002 ff DB 0xff 0x7ef40003 ff0400 INC DWORD [EAX+EAX] 0x7ef40006 0000 ADD [EAX], AL 0x7ef40008 0100 ADD [EAX], EAX 0x7ef4000a 0000 ADD [EAX], AL 0x7ef4000c 0002 ADD [EDX], AL 0x7ef4000e 0e PUSH CS 0x7ef4000f 031c00 ADD EBX, [EAX+EAX] 0x7ef40012 0000 ADD [EAX], AL 0x7ef40014 684198090c PUSH DWORD 0xc099841 0x7ef40019 0000 ADD [EAX], AL 0x7ef4001b 00b841ff6b00 ADD [EAX+0x6bff41], BH 0x7ef40021 10bf6bd0c7c4 ADC [EDI-0x3b382f95], BH 0x7ef40027 6b2415bf6b283675 IMUL ESP, [EDX+0x36286bbf], 0x75 0x7ef4002f 0000 ADD [EAX], AL 0x7ef40031 0000 ADD [EAX], AL 0x7ef40033 004080 ADD [EAX-0x80], AL 0x7ef40036 f4 HLT 0x7ef40037 7e60 JLE 0x7ef40099 0x7ef40039 80f47e XOR AH, 0x7e 0x7ef4003c 0000 ADD [EAX], AL 0x7ef4003e 0000 ADD [EAX], AL Process: producer-core. Pid: 65556 Address: 0x7ef30000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, PrivateMemory: 1, Protection: 6 0x7ef30000 00 00 00 00 97 19 00 00 00 00 00 00 0c 00 00 00 ................ 0x7ef30010 68 00 00 00 00 e9 7e 25 3e 81 68 01 00 00 00 e9 h.....~%>.h..... 0x7ef30020 74 25 3e 81 68 02 00 00 00 e9 6a 25 3e 81 68 03 t%>.h.....j%>.h. 0x7ef30030 00 00 00 e9 60 25 3e 81 68 04 00 00 00 e9 56 25 ....`%>.h.....V% 0x7ef30000 0000 ADD [EAX], AL 0x7ef30002 0000 ADD [EAX], AL 0x7ef30004 97 XCHG EDI, EAX 0x7ef30005 1900 SBB [EAX], EAX 0x7ef30007 0000 ADD [EAX], AL 0x7ef30009 0000 ADD [EAX], AL 0x7ef3000b 000c00 ADD [EAX+EAX], CL 0x7ef3000e 0000 ADD [EAX], AL 0x7ef30010 6800000000 PUSH DWORD 0x0 0x7ef30015 e97e253e81 JMP 0x312598 0x7ef3001a 6801000000 PUSH DWORD 0x1 0x7ef3001f e974253e81 JMP 0x312598 0x7ef30024 6802000000 PUSH DWORD 0x2 0x7ef30029 e96a253e81 JMP 0x312598 0x7ef3002e 6803000000 PUSH DWORD 0x3 0x7ef30033 e960253e81 JMP 0x312598 0x7ef30038 6804000000 PUSH DWORD 0x4 0x7ef3003d e9 DB 0xe9 0x7ef3003e 56 PUSH ESI 0x7ef3003f 25 DB 0x25 Process: chrome.exe Pid: 61532 Address: 0x25400000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x25400000 f2 0f 10 44 24 04 f2 0f 51 c0 f2 0f 11 44 24 04 ...D$...Q....D$. 0x25400010 dd 44 24 04 c3 00 00 00 00 00 00 00 00 00 00 00 .D$............. 0x25400020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x25400030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x25400000 f20f10442404 MOVSD XMM0, [ESP+0x4] 0x25400006 f20f51c0 SQRTSD XMM0, XMM0 0x2540000a f20f11442404 MOVSD [ESP+0x4], XMM0 0x25400010 dd442404 FLD QWORD [ESP+0x4] 0x25400014 c3 RET 0x25400015 0000 ADD [EAX], AL 0x25400017 0000 ADD [EAX], AL 0x25400019 0000 ADD [EAX], AL 0x2540001b 0000 ADD [EAX], AL 0x2540001d 0000 ADD [EAX], AL 0x2540001f 0000 ADD [EAX], AL 0x25400021 0000 ADD [EAX], AL 0x25400023 0000 ADD [EAX], AL 0x25400025 0000 ADD [EAX], AL 0x25400027 0000 ADD [EAX], AL 0x25400029 0000 ADD [EAX], AL 0x2540002b 0000 ADD [EAX], AL 0x2540002d 0000 ADD [EAX], AL 0x2540002f 0000 ADD [EAX], AL 0x25400031 0000 ADD [EAX], AL 0x25400033 0000 ADD [EAX], AL 0x25400035 0000 ADD [EAX], AL 0x25400037 0000 ADD [EAX], AL 0x25400039 0000 ADD [EAX], AL 0x2540003b 0000 ADD [EAX], AL 0x2540003d 0000 ADD [EAX], AL 0x2540003f 00 DB 0x0 Process: chrome.exe Pid: 61532 Address: 0x36200000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x36200000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 3b fe WV.|$..t$..L$.;. 0x36200010 0f 84 ac 04 00 00 0f 18 0e 83 f9 08 0f 86 97 04 ................ 0x36200020 00 00 83 f9 3f 0f 86 23 04 00 00 3b fe 0f 87 c6 ....?..#...;.... 0x36200030 01 00 00 89 f0 2b c7 83 f8 10 0f 82 25 01 00 00 .....+......%... 0x36200000 57 PUSH EDI 0x36200001 56 PUSH ESI 0x36200002 8b7c240c MOV EDI, [ESP+0xc] 0x36200006 8b742410 MOV ESI, [ESP+0x10] 0x3620000a 8b4c2414 MOV ECX, [ESP+0x14] 0x3620000e 3bfe CMP EDI, ESI 0x36200010 0f84ac040000 JZ 0x362004c2 0x36200016 0f180e PREFETCHT0 [ESI] 0x36200019 83f908 CMP ECX, 0x8 0x3620001c 0f8697040000 JBE 0x362004b9 0x36200022 83f93f CMP ECX, 0x3f 0x36200025 0f8623040000 JBE 0x3620044e 0x3620002b 3bfe CMP EDI, ESI 0x3620002d 0f87c6010000 JA 0x362001f9 0x36200033 89f0 MOV EAX, ESI 0x36200035 2bc7 SUB EAX, EDI 0x36200037 83f810 CMP EAX, 0x10 0x3620003a 0f8225010000 JB 0x36200165 Process: chrome.exe Pid: 61532 Address: 0x6fff0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x6fff0000 64 74 72 52 00 00 00 00 a0 01 ff 6f 00 00 00 00 dtrR.......o.... 0x6fff0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0000 647472 JZ 0x6fff0075 0x6fff0003 52 PUSH EDX 0x6fff0004 0000 ADD [EAX], AL 0x6fff0006 0000 ADD [EAX], AL 0x6fff0008 a001ff6f00 MOV AL, [0x6fff01] 0x6fff000d 0000 ADD [EAX], AL 0x6fff000f 0000 ADD [EAX], AL 0x6fff0011 0000 ADD [EAX], AL 0x6fff0013 0000 ADD [EAX], AL 0x6fff0015 0000 ADD [EAX], AL 0x6fff0017 0000 ADD [EAX], AL 0x6fff0019 0000 ADD [EAX], AL 0x6fff001b 0000 ADD [EAX], AL 0x6fff001d 0000 ADD [EAX], AL 0x6fff001f 0000 ADD [EAX], AL 0x6fff0021 0000 ADD [EAX], AL 0x6fff0023 0000 ADD [EAX], AL 0x6fff0025 0000 ADD [EAX], AL 0x6fff0027 0000 ADD [EAX], AL 0x6fff0029 0000 ADD [EAX], AL 0x6fff002b 0000 ADD [EAX], AL 0x6fff002d 0000 ADD [EAX], AL 0x6fff002f 0000 ADD [EAX], AL 0x6fff0031 0000 ADD [EAX], AL 0x6fff0033 0000 ADD [EAX], AL 0x6fff0035 0000 ADD [EAX], AL 0x6fff0037 0000 ADD [EAX], AL 0x6fff0039 0000 ADD [EAX], AL 0x6fff003b 0000 ADD [EAX], AL 0x6fff003d 0000 ADD [EAX], AL 0x6fff003f 00 DB 0x0 Process: chrome.exe Pid: 66916 Address: 0x14c00000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x14c00000 f2 0f 10 44 24 04 f2 0f 51 c0 f2 0f 11 44 24 04 ...D$...Q....D$. 0x14c00010 dd 44 24 04 c3 00 00 00 00 00 00 00 00 00 00 00 .D$............. 0x14c00020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x14c00030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x14c00000 f20f10442404 MOVSD XMM0, [ESP+0x4] 0x14c00006 f20f51c0 SQRTSD XMM0, XMM0 0x14c0000a f20f11442404 MOVSD [ESP+0x4], XMM0 0x14c00010 dd442404 FLD QWORD [ESP+0x4] 0x14c00014 c3 RET 0x14c00015 0000 ADD [EAX], AL 0x14c00017 0000 ADD [EAX], AL 0x14c00019 0000 ADD [EAX], AL 0x14c0001b 0000 ADD [EAX], AL 0x14c0001d 0000 ADD [EAX], AL 0x14c0001f 0000 ADD [EAX], AL 0x14c00021 0000 ADD [EAX], AL 0x14c00023 0000 ADD [EAX], AL 0x14c00025 0000 ADD [EAX], AL 0x14c00027 0000 ADD [EAX], AL 0x14c00029 0000 ADD [EAX], AL 0x14c0002b 0000 ADD [EAX], AL 0x14c0002d 0000 ADD [EAX], AL 0x14c0002f 0000 ADD [EAX], AL 0x14c00031 0000 ADD [EAX], AL 0x14c00033 0000 ADD [EAX], AL 0x14c00035 0000 ADD [EAX], AL 0x14c00037 0000 ADD [EAX], AL 0x14c00039 0000 ADD [EAX], AL 0x14c0003b 0000 ADD [EAX], AL 0x14c0003d 0000 ADD [EAX], AL 0x14c0003f 00 DB 0x0 Process: chrome.exe Pid: 66916 Address: 0x25200000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x25200000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 3b fe WV.|$..t$..L$.;. 0x25200010 0f 84 ac 04 00 00 0f 18 0e 83 f9 08 0f 86 97 04 ................ 0x25200020 00 00 83 f9 3f 0f 86 23 04 00 00 3b fe 0f 87 c6 ....?..#...;.... 0x25200030 01 00 00 89 f0 2b c7 83 f8 10 0f 82 25 01 00 00 .....+......%... 0x25200000 57 PUSH EDI 0x25200001 56 PUSH ESI 0x25200002 8b7c240c MOV EDI, [ESP+0xc] 0x25200006 8b742410 MOV ESI, [ESP+0x10] 0x2520000a 8b4c2414 MOV ECX, [ESP+0x14] 0x2520000e 3bfe CMP EDI, ESI 0x25200010 0f84ac040000 JZ 0x252004c2 0x25200016 0f180e PREFETCHT0 [ESI] 0x25200019 83f908 CMP ECX, 0x8 0x2520001c 0f8697040000 JBE 0x252004b9 0x25200022 83f93f CMP ECX, 0x3f 0x25200025 0f8623040000 JBE 0x2520044e 0x2520002b 3bfe CMP EDI, ESI 0x2520002d 0f87c6010000 JA 0x252001f9 0x25200033 89f0 MOV EAX, ESI 0x25200035 2bc7 SUB EAX, EDI 0x25200037 83f810 CMP EAX, 0x10 0x2520003a 0f8225010000 JB 0x25200165 Process: chrome.exe Pid: 66916 Address: 0x6fff0000 Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6 0x6fff0000 64 74 72 52 00 00 00 00 a0 01 ff 6f 00 00 00 00 dtrR.......o.... 0x6fff0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6fff0000 647472 JZ 0x6fff0075 0x6fff0003 52 PUSH EDX 0x6fff0004 0000 ADD [EAX], AL 0x6fff0006 0000 ADD [EAX], AL 0x6fff0008 a001ff6f00 MOV AL, [0x6fff01] 0x6fff000d 0000 ADD [EAX], AL 0x6fff000f 0000 ADD [EAX], AL 0x6fff0011 0000 ADD [EAX], AL 0x6fff0013 0000 ADD [EAX], AL 0x6fff0015 0000 ADD [EAX], AL 0x6fff0017 0000 ADD [EAX], AL 0x6fff0019 0000 ADD [EAX], AL 0x6fff001b 0000 ADD [EAX], AL 0x6fff001d 0000 ADD [EAX], AL 0x6fff001f 0000 ADD [EAX], AL 0x6fff0021 0000 ADD [EAX], AL 0x6fff0023 0000 ADD [EAX], AL 0x6fff0025 0000 ADD [EAX], AL 0x6fff0027 0000 ADD [EAX], AL 0x6fff0029 0000 ADD [EAX], AL 0x6fff002b 0000 ADD [EAX], AL 0x6fff002d 0000 ADD [EAX], AL 0x6fff002f 0000 ADD [EAX], AL 0x6fff0031 0000 ADD [EAX], AL 0x6fff0033 0000 ADD [EAX], AL 0x6fff0035 0000 ADD [EAX], AL 0x6fff0037 0000 ADD [EAX], AL 0x6fff0039 0000 ADD [EAX], AL 0x6fff003b 0000 ADD [EAX], AL 0x6fff003d 0000 ADD [EAX], AL 0x6fff003f 00 DB 0x0