Volatile Systems Volatility Framework 2.3_alpha
Process: csrss.exe Pid: 608 Address: 0x7f6f0000
Vad Tag: Vad Protection: PAGE_EXECUTE_READWRITE
Flags: Protection: 6
0x7f6f0000 c8 00 00 00 9c 01 00 00 ff ee ff ee 08 70 00 00 .............p..
0x7f6f0010 08 00 00 00 00 fe 00 00 00 00 10 00 00 20 00 00 ................
0x7f6f0020 00 02 00 00 00 20 00 00 8d 01 00 00 ff ef fd 7f ................
0x7f6f0030 03 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x7f6f0000 c8000000 ENTER 0x0, 0x0
0x7f6f0004 9c PUSHF
0x7f6f0005 0100 ADD [EAX], EAX
0x7f6f0007 00ff ADD BH, BH
0x7f6f0009 ee OUT DX, AL
0x7f6f000a ff DB 0xff
0x7f6f000b ee OUT DX, AL
0x7f6f000c 087000 OR [EAX+0x0], DH
0x7f6f000f 0008 ADD [EAX], CL
0x7f6f0011 0000 ADD [EAX], AL
0x7f6f0013 0000 ADD [EAX], AL
0x7f6f0015 fe00 INC BYTE [EAX]
0x7f6f0017 0000 ADD [EAX], AL
0x7f6f0019 0010 ADD [EAX], DL
0x7f6f001b 0000 ADD [EAX], AL
0x7f6f001d 2000 AND [EAX], AL
0x7f6f001f 0000 ADD [EAX], AL
0x7f6f0021 0200 ADD AL, [EAX]
0x7f6f0023 0000 ADD [EAX], AL
0x7f6f0025 2000 AND [EAX], AL
0x7f6f0027 008d010000ff ADD [EBP-0xffffff], CL
0x7f6f002d ef OUT DX, EAX
0x7f6f002e fd STD
0x7f6f002f 7f03 JG 0x7f6f0034
0x7f6f0031 0008 ADD [EAX], CL
0x7f6f0033 06 PUSH ES
0x7f6f0034 0000 ADD [EAX], AL
0x7f6f0036 0000 ADD [EAX], AL
0x7f6f0038 0000 ADD [EAX], AL
0x7f6f003a 0000 ADD [EAX], AL
0x7f6f003c 0000 ADD [EAX], AL
0x7f6f003e 0000 ADD [EAX], AL
Process: svchost.exe Pid: 1120 Address: 0x8b40000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 184, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x08b40000 4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 37 MZ.....[REU....7
0x08b40010 15 00 00 ff d3 89 c3 57 68 04 00 00 00 50 ff d0 .......Wh....P..
0x08b40020 68 e0 1d 2a 0a 68 05 00 00 00 50 ff d3 00 00 00 h..*.h....P.....
0x08b40030 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 ................
0x8b40000 4d DEC EBP
0x8b40001 5a POP EDX
0x8b40002 e800000000 CALL 0x8b40007
0x8b40007 5b POP EBX
0x8b40008 52 PUSH EDX
0x8b40009 45 INC EBP
0x8b4000a 55 PUSH EBP
0x8b4000b 89e5 MOV EBP, ESP
0x8b4000d 81c337150000 ADD EBX, 0x1537
0x8b40013 ffd3 CALL EBX
0x8b40015 89c3 MOV EBX, EAX
0x8b40017 57 PUSH EDI
0x8b40018 6804000000 PUSH DWORD 0x4
0x8b4001d 50 PUSH EAX
0x8b4001e ffd0 CALL EAX
0x8b40020 68e01d2a0a PUSH DWORD 0xa2a1de0
0x8b40025 6805000000 PUSH DWORD 0x5
0x8b4002a 50 PUSH EAX
0x8b4002b ffd3 CALL EBX
0x8b4002d 0000 ADD [EAX], AL
0x8b4002f 0000 ADD [EAX], AL
0x8b40031 0000 ADD [EAX], AL
0x8b40033 0000 ADD [EAX], AL
0x8b40035 0000 ADD [EAX], AL
0x8b40037 0000 ADD [EAX], AL
0x8b40039 0000 ADD [EAX], AL
0x8b4003b 00e0 ADD AL, AH
0x8b4003d 0000 ADD [EAX], AL
0x8b4003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0x16d0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 28, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x016d0000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
0x016d0010 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@.......
0x016d0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x016d0030 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 ................
0x16d0000 4d DEC EBP
0x16d0001 5a POP EDX
0x16d0002 90 NOP
0x16d0003 0003 ADD [EBX], AL
0x16d0005 0000 ADD [EAX], AL
0x16d0007 000400 ADD [EAX+EAX], AL
0x16d000a 0000 ADD [EAX], AL
0x16d000c ff DB 0xff
0x16d000d ff00 INC DWORD [EAX]
0x16d000f 00b800000000 ADD [EAX+0x0], BH
0x16d0015 0000 ADD [EAX], AL
0x16d0017 004000 ADD [EAX+0x0], AL
0x16d001a 0000 ADD [EAX], AL
0x16d001c 0000 ADD [EAX], AL
0x16d001e 0000 ADD [EAX], AL
0x16d0020 0000 ADD [EAX], AL
0x16d0022 0000 ADD [EAX], AL
0x16d0024 0000 ADD [EAX], AL
0x16d0026 0000 ADD [EAX], AL
0x16d0028 0000 ADD [EAX], AL
0x16d002a 0000 ADD [EAX], AL
0x16d002c 0000 ADD [EAX], AL
0x16d002e 0000 ADD [EAX], AL
0x16d0030 0000 ADD [EAX], AL
0x16d0032 0000 ADD [EAX], AL
0x16d0034 0000 ADD [EAX], AL
0x16d0036 0000 ADD [EAX], AL
0x16d0038 0000 ADD [EAX], AL
0x16d003a 0000 ADD [EAX], AL
0x16d003c f00000 LOCK ADD [EAX], AL
0x16d003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0x16f0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 28, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x016f0000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
0x016f0010 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@.......
0x016f0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x016f0030 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 ................
0x16f0000 4d DEC EBP
0x16f0001 5a POP EDX
0x16f0002 90 NOP
0x16f0003 0003 ADD [EBX], AL
0x16f0005 0000 ADD [EAX], AL
0x16f0007 000400 ADD [EAX+EAX], AL
0x16f000a 0000 ADD [EAX], AL
0x16f000c ff DB 0xff
0x16f000d ff00 INC DWORD [EAX]
0x16f000f 00b800000000 ADD [EAX+0x0], BH
0x16f0015 0000 ADD [EAX], AL
0x16f0017 004000 ADD [EAX+0x0], AL
0x16f001a 0000 ADD [EAX], AL
0x16f001c 0000 ADD [EAX], AL
0x16f001e 0000 ADD [EAX], AL
0x16f0020 0000 ADD [EAX], AL
0x16f0022 0000 ADD [EAX], AL
0x16f0024 0000 ADD [EAX], AL
0x16f0026 0000 ADD [EAX], AL
0x16f0028 0000 ADD [EAX], AL
0x16f002a 0000 ADD [EAX], AL
0x16f002c 0000 ADD [EAX], AL
0x16f002e 0000 ADD [EAX], AL
0x16f0030 0000 ADD [EAX], AL
0x16f0032 0000 ADD [EAX], AL
0x16f0034 0000 ADD [EAX], AL
0x16f0036 0000 ADD [EAX], AL
0x16f0038 0000 ADD [EAX], AL
0x16f003a 0000 ADD [EAX], AL
0x16f003c f00000 LOCK ADD [EAX], AL
0x16f003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0x2110000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 28, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x02110000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
0x02110010 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@.......
0x02110020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x02110030 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 ................
0x2110000 4d DEC EBP
0x2110001 5a POP EDX
0x2110002 90 NOP
0x2110003 0003 ADD [EBX], AL
0x2110005 0000 ADD [EAX], AL
0x2110007 000400 ADD [EAX+EAX], AL
0x211000a 0000 ADD [EAX], AL
0x211000c ff DB 0xff
0x211000d ff00 INC DWORD [EAX]
0x211000f 00b800000000 ADD [EAX+0x0], BH
0x2110015 0000 ADD [EAX], AL
0x2110017 004000 ADD [EAX+0x0], AL
0x211001a 0000 ADD [EAX], AL
0x211001c 0000 ADD [EAX], AL
0x211001e 0000 ADD [EAX], AL
0x2110020 0000 ADD [EAX], AL
0x2110022 0000 ADD [EAX], AL
0x2110024 0000 ADD [EAX], AL
0x2110026 0000 ADD [EAX], AL
0x2110028 0000 ADD [EAX], AL
0x211002a 0000 ADD [EAX], AL
0x211002c 0000 ADD [EAX], AL
0x211002e 0000 ADD [EAX], AL
0x2110030 0000 ADD [EAX], AL
0x2110032 0000 ADD [EAX], AL
0x2110034 0000 ADD [EAX], AL
0x2110036 0000 ADD [EAX], AL
0x2110038 0000 ADD [EAX], AL
0x211003a 0000 ADD [EAX], AL
0x211003c f00000 LOCK ADD [EAX], AL
0x211003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0x2130000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 28, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x02130000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
0x02130010 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@.......
0x02130020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x02130030 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 ................
0x2130000 4d DEC EBP
0x2130001 5a POP EDX
0x2130002 90 NOP
0x2130003 0003 ADD [EBX], AL
0x2130005 0000 ADD [EAX], AL
0x2130007 000400 ADD [EAX+EAX], AL
0x213000a 0000 ADD [EAX], AL
0x213000c ff DB 0xff
0x213000d ff00 INC DWORD [EAX]
0x213000f 00b800000000 ADD [EAX+0x0], BH
0x2130015 0000 ADD [EAX], AL
0x2130017 004000 ADD [EAX+0x0], AL
0x213001a 0000 ADD [EAX], AL
0x213001c 0000 ADD [EAX], AL
0x213001e 0000 ADD [EAX], AL
0x2130020 0000 ADD [EAX], AL
0x2130022 0000 ADD [EAX], AL
0x2130024 0000 ADD [EAX], AL
0x2130026 0000 ADD [EAX], AL
0x2130028 0000 ADD [EAX], AL
0x213002a 0000 ADD [EAX], AL
0x213002c 0000 ADD [EAX], AL
0x213002e 0000 ADD [EAX], AL
0x2130030 0000 ADD [EAX], AL
0x2130032 0000 ADD [EAX], AL
0x2130034 0000 ADD [EAX], AL
0x2130036 0000 ADD [EAX], AL
0x2130038 0000 ADD [EAX], AL
0x213003a 0000 ADD [EAX], AL
0x213003c f00000 LOCK ADD [EAX], AL
0x213003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0x3160000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 28, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x03160000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
0x03160010 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@.......
0x03160020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x03160030 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 ................
0x3160000 4d DEC EBP
0x3160001 5a POP EDX
0x3160002 90 NOP
0x3160003 0003 ADD [EBX], AL
0x3160005 0000 ADD [EAX], AL
0x3160007 000400 ADD [EAX+EAX], AL
0x316000a 0000 ADD [EAX], AL
0x316000c ff DB 0xff
0x316000d ff00 INC DWORD [EAX]
0x316000f 00b800000000 ADD [EAX+0x0], BH
0x3160015 0000 ADD [EAX], AL
0x3160017 004000 ADD [EAX+0x0], AL
0x316001a 0000 ADD [EAX], AL
0x316001c 0000 ADD [EAX], AL
0x316001e 0000 ADD [EAX], AL
0x3160020 0000 ADD [EAX], AL
0x3160022 0000 ADD [EAX], AL
0x3160024 0000 ADD [EAX], AL
0x3160026 0000 ADD [EAX], AL
0x3160028 0000 ADD [EAX], AL
0x316002a 0000 ADD [EAX], AL
0x316002c 0000 ADD [EAX], AL
0x316002e 0000 ADD [EAX], AL
0x3160030 0000 ADD [EAX], AL
0x3160032 0000 ADD [EAX], AL
0x3160034 0000 ADD [EAX], AL
0x3160036 0000 ADD [EAX], AL
0x3160038 0000 ADD [EAX], AL
0x316003a 0000 ADD [EAX], AL
0x316003c f00000 LOCK ADD [EAX], AL
0x316003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0x3430000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 39, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x03430000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
0x03430010 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@.......
0x03430020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x03430030 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 ................
0x3430000 4d DEC EBP
0x3430001 5a POP EDX
0x3430002 90 NOP
0x3430003 0003 ADD [EBX], AL
0x3430005 0000 ADD [EAX], AL
0x3430007 000400 ADD [EAX+EAX], AL
0x343000a 0000 ADD [EAX], AL
0x343000c ff DB 0xff
0x343000d ff00 INC DWORD [EAX]
0x343000f 00b800000000 ADD [EAX+0x0], BH
0x3430015 0000 ADD [EAX], AL
0x3430017 004000 ADD [EAX+0x0], AL
0x343001a 0000 ADD [EAX], AL
0x343001c 0000 ADD [EAX], AL
0x343001e 0000 ADD [EAX], AL
0x3430020 0000 ADD [EAX], AL
0x3430022 0000 ADD [EAX], AL
0x3430024 0000 ADD [EAX], AL
0x3430026 0000 ADD [EAX], AL
0x3430028 0000 ADD [EAX], AL
0x343002a 0000 ADD [EAX], AL
0x343002c 0000 ADD [EAX], AL
0x343002e 0000 ADD [EAX], AL
0x3430030 0000 ADD [EAX], AL
0x3430032 0000 ADD [EAX], AL
0x3430034 0000 ADD [EAX], AL
0x3430036 0000 ADD [EAX], AL
0x3430038 0000 ADD [EAX], AL
0x343003a 0000 ADD [EAX], AL
0x343003c e8 DB 0xe8
0x343003d 0000 ADD [EAX], AL
0x343003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0x7900000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 191, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x07900000 4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 37 MZ.....[REU....7
0x07900010 15 00 00 ff d3 89 c3 57 68 04 00 00 00 50 ff d0 .......Wh....P..
0x07900020 68 e0 1d 2a 0a 68 05 00 00 00 50 ff d3 00 00 00 h..*.h....P.....
0x07900030 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 ................
0x7900000 4d DEC EBP
0x7900001 5a POP EDX
0x7900002 e800000000 CALL 0x7900007
0x7900007 5b POP EBX
0x7900008 52 PUSH EDX
0x7900009 45 INC EBP
0x790000a 55 PUSH EBP
0x790000b 89e5 MOV EBP, ESP
0x790000d 81c337150000 ADD EBX, 0x1537
0x7900013 ffd3 CALL EBX
0x7900015 89c3 MOV EBX, EAX
0x7900017 57 PUSH EDI
0x7900018 6804000000 PUSH DWORD 0x4
0x790001d 50 PUSH EAX
0x790001e ffd0 CALL EAX
0x7900020 68e01d2a0a PUSH DWORD 0xa2a1de0
0x7900025 6805000000 PUSH DWORD 0x5
0x790002a 50 PUSH EAX
0x790002b ffd3 CALL EBX
0x790002d 0000 ADD [EAX], AL
0x790002f 0000 ADD [EAX], AL
0x7900031 0000 ADD [EAX], AL
0x7900033 0000 ADD [EAX], AL
0x7900035 0000 ADD [EAX], AL
0x7900037 0000 ADD [EAX], AL
0x7900039 0000 ADD [EAX], AL
0x790003b 00e0 ADD AL, AH
0x790003d 0000 ADD [EAX], AL
0x790003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0x6540000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 184, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x06540000 4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 37 MZ.....[REU....7
0x06540010 15 00 00 ff d3 89 c3 57 68 04 00 00 00 50 ff d0 .......Wh....P..
0x06540020 68 e0 1d 2a 0a 68 05 00 00 00 50 ff d3 00 00 00 h..*.h....P.....
0x06540030 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 ................
0x6540000 4d DEC EBP
0x6540001 5a POP EDX
0x6540002 e800000000 CALL 0x6540007
0x6540007 5b POP EBX
0x6540008 52 PUSH EDX
0x6540009 45 INC EBP
0x654000a 55 PUSH EBP
0x654000b 89e5 MOV EBP, ESP
0x654000d 81c337150000 ADD EBX, 0x1537
0x6540013 ffd3 CALL EBX
0x6540015 89c3 MOV EBX, EAX
0x6540017 57 PUSH EDI
0x6540018 6804000000 PUSH DWORD 0x4
0x654001d 50 PUSH EAX
0x654001e ffd0 CALL EAX
0x6540020 68e01d2a0a PUSH DWORD 0xa2a1de0
0x6540025 6805000000 PUSH DWORD 0x5
0x654002a 50 PUSH EAX
0x654002b ffd3 CALL EBX
0x654002d 0000 ADD [EAX], AL
0x654002f 0000 ADD [EAX], AL
0x6540031 0000 ADD [EAX], AL
0x6540033 0000 ADD [EAX], AL
0x6540035 0000 ADD [EAX], AL
0x6540037 0000 ADD [EAX], AL
0x6540039 0000 ADD [EAX], AL
0x654003b 00e0 ADD AL, AH
0x654003d 0000 ADD [EAX], AL
0x654003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0x5520000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 4113, PrivateMemory: 1, Protection: 6
0x05520000 c8 00 00 00 b8 01 00 00 ff ee ff ee 00 10 04 00 ................
0x05520010 00 00 00 00 00 fe 00 00 00 00 10 00 00 20 00 00 ................
0x05520020 00 02 00 00 00 20 00 00 30 21 20 00 ff ef fd 7f ........0!......
0x05520030 19 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x5520000 c8000000 ENTER 0x0, 0x0
0x5520004 b8010000ff MOV EAX, 0xff000001
0x5520009 ee OUT DX, AL
0x552000a ff DB 0xff
0x552000b ee OUT DX, AL
0x552000c 0010 ADD [EAX], DL
0x552000e 0400 ADD AL, 0x0
0x5520010 0000 ADD [EAX], AL
0x5520012 0000 ADD [EAX], AL
0x5520014 00fe ADD DH, BH
0x5520016 0000 ADD [EAX], AL
0x5520018 0000 ADD [EAX], AL
0x552001a 1000 ADC [EAX], AL
0x552001c 0020 ADD [EAX], AH
0x552001e 0000 ADD [EAX], AL
0x5520020 0002 ADD [EDX], AL
0x5520022 0000 ADD [EAX], AL
0x5520024 0020 ADD [EAX], AH
0x5520026 0000 ADD [EAX], AL
0x5520028 3021 XOR [ECX], AH
0x552002a 2000 AND [EAX], AL
0x552002c ff DB 0xff
0x552002d ef OUT DX, EAX
0x552002e fd STD
0x552002f 7f19 JG 0x552004a
0x5520031 0008 ADD [EAX], CL
0x5520033 06 PUSH ES
0x5520034 0000 ADD [EAX], AL
0x5520036 0000 ADD [EAX], AL
0x5520038 0000 ADD [EAX], AL
0x552003a 0000 ADD [EAX], AL
0x552003c 0000 ADD [EAX], AL
0x552003e 0000 ADD [EAX], AL
Process: svchost.exe Pid: 1120 Address: 0x6600000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 191, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x06600000 4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 37 MZ.....[REU....7
0x06600010 15 00 00 ff d3 89 c3 57 68 04 00 00 00 50 ff d0 .......Wh....P..
0x06600020 68 e0 1d 2a 0a 68 05 00 00 00 50 ff d3 00 00 00 h..*.h....P.....
0x06600030 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 ................
0x6600000 4d DEC EBP
0x6600001 5a POP EDX
0x6600002 e800000000 CALL 0x6600007
0x6600007 5b POP EBX
0x6600008 52 PUSH EDX
0x6600009 45 INC EBP
0x660000a 55 PUSH EBP
0x660000b 89e5 MOV EBP, ESP
0x660000d 81c337150000 ADD EBX, 0x1537
0x6600013 ffd3 CALL EBX
0x6600015 89c3 MOV EBX, EAX
0x6600017 57 PUSH EDI
0x6600018 6804000000 PUSH DWORD 0x4
0x660001d 50 PUSH EAX
0x660001e ffd0 CALL EAX
0x6600020 68e01d2a0a PUSH DWORD 0xa2a1de0
0x6600025 6805000000 PUSH DWORD 0x5
0x660002a 50 PUSH EAX
0x660002b ffd3 CALL EBX
0x660002d 0000 ADD [EAX], AL
0x660002f 0000 ADD [EAX], AL
0x6600031 0000 ADD [EAX], AL
0x6600033 0000 ADD [EAX], AL
0x6600035 0000 ADD [EAX], AL
0x6600037 0000 ADD [EAX], AL
0x6600039 0000 ADD [EAX], AL
0x660003b 00e0 ADD AL, AH
0x660003d 0000 ADD [EAX], AL
0x660003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0x6820000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 4113, PrivateMemory: 1, Protection: 6
0x06820000 c8 00 00 00 49 01 00 00 ff ee ff ee 00 10 04 00 ....I...........
0x06820010 00 00 00 00 00 fe 00 00 00 00 10 00 00 20 00 00 ................
0x06820020 00 02 00 00 00 20 00 00 30 21 20 00 ff ef fd 7f ........0!......
0x06820030 1d 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x6820000 c8000000 ENTER 0x0, 0x0
0x6820004 49 DEC ECX
0x6820005 0100 ADD [EAX], EAX
0x6820007 00ff ADD BH, BH
0x6820009 ee OUT DX, AL
0x682000a ff DB 0xff
0x682000b ee OUT DX, AL
0x682000c 0010 ADD [EAX], DL
0x682000e 0400 ADD AL, 0x0
0x6820010 0000 ADD [EAX], AL
0x6820012 0000 ADD [EAX], AL
0x6820014 00fe ADD DH, BH
0x6820016 0000 ADD [EAX], AL
0x6820018 0000 ADD [EAX], AL
0x682001a 1000 ADC [EAX], AL
0x682001c 0020 ADD [EAX], AH
0x682001e 0000 ADD [EAX], AL
0x6820020 0002 ADD [EDX], AL
0x6820022 0000 ADD [EAX], AL
0x6820024 0020 ADD [EAX], AH
0x6820026 0000 ADD [EAX], AL
0x6820028 3021 XOR [ECX], AH
0x682002a 2000 AND [EAX], AL
0x682002c ff DB 0xff
0x682002d ef OUT DX, EAX
0x682002e fd STD
0x682002f 7f1d JG 0x682004e
0x6820031 0008 ADD [EAX], CL
0x6820033 06 PUSH ES
0x6820034 0000 ADD [EAX], AL
0x6820036 0000 ADD [EAX], AL
0x6820038 0000 ADD [EAX], AL
0x682003a 0000 ADD [EAX], AL
0x682003c 0000 ADD [EAX], AL
0x682003e 0000 ADD [EAX], AL
Process: svchost.exe Pid: 1120 Address: 0x67c0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 85, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x067c0000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
0x067c0010 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@.......
0x067c0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x067c0030 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ................
0x67c0000 4d DEC EBP
0x67c0001 5a POP EDX
0x67c0002 90 NOP
0x67c0003 0003 ADD [EBX], AL
0x67c0005 0000 ADD [EAX], AL
0x67c0007 000400 ADD [EAX+EAX], AL
0x67c000a 0000 ADD [EAX], AL
0x67c000c ff DB 0xff
0x67c000d ff00 INC DWORD [EAX]
0x67c000f 00b800000000 ADD [EAX+0x0], BH
0x67c0015 0000 ADD [EAX], AL
0x67c0017 004000 ADD [EAX+0x0], AL
0x67c001a 0000 ADD [EAX], AL
0x67c001c 0000 ADD [EAX], AL
0x67c001e 0000 ADD [EAX], AL
0x67c0020 0000 ADD [EAX], AL
0x67c0022 0000 ADD [EAX], AL
0x67c0024 0000 ADD [EAX], AL
0x67c0026 0000 ADD [EAX], AL
0x67c0028 0000 ADD [EAX], AL
0x67c002a 0000 ADD [EAX], AL
0x67c002c 0000 ADD [EAX], AL
0x67c002e 0000 ADD [EAX], AL
0x67c0030 0000 ADD [EAX], AL
0x67c0032 0000 ADD [EAX], AL
0x67c0034 0000 ADD [EAX], AL
0x67c0036 0000 ADD [EAX], AL
0x67c0038 0000 ADD [EAX], AL
0x67c003a 0000 ADD [EAX], AL
0x67c003c 0001 ADD [ECX], AL
0x67c003e 0000 ADD [EAX], AL
Process: svchost.exe Pid: 1120 Address: 0x7840000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 184, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x07840000 4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 37 MZ.....[REU....7
0x07840010 15 00 00 ff d3 89 c3 57 68 04 00 00 00 50 ff d0 .......Wh....P..
0x07840020 68 e0 1d 2a 0a 68 05 00 00 00 50 ff d3 00 00 00 h..*.h....P.....
0x07840030 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 ................
0x7840000 4d DEC EBP
0x7840001 5a POP EDX
0x7840002 e800000000 CALL 0x7840007
0x7840007 5b POP EBX
0x7840008 52 PUSH EDX
0x7840009 45 INC EBP
0x784000a 55 PUSH EBP
0x784000b 89e5 MOV EBP, ESP
0x784000d 81c337150000 ADD EBX, 0x1537
0x7840013 ffd3 CALL EBX
0x7840015 89c3 MOV EBX, EAX
0x7840017 57 PUSH EDI
0x7840018 6804000000 PUSH DWORD 0x4
0x784001d 50 PUSH EAX
0x784001e ffd0 CALL EAX
0x7840020 68e01d2a0a PUSH DWORD 0xa2a1de0
0x7840025 6805000000 PUSH DWORD 0x5
0x784002a 50 PUSH EAX
0x784002b ffd3 CALL EBX
0x784002d 0000 ADD [EAX], AL
0x784002f 0000 ADD [EAX], AL
0x7840031 0000 ADD [EAX], AL
0x7840033 0000 ADD [EAX], AL
0x7840035 0000 ADD [EAX], AL
0x7840037 0000 ADD [EAX], AL
0x7840039 0000 ADD [EAX], AL
0x784003b 00e0 ADD AL, AH
0x784003d 0000 ADD [EAX], AL
0x784003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0x7ac0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 85, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x07ac0000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
0x07ac0010 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@.......
0x07ac0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x07ac0030 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ................
0x7ac0000 4d DEC EBP
0x7ac0001 5a POP EDX
0x7ac0002 90 NOP
0x7ac0003 0003 ADD [EBX], AL
0x7ac0005 0000 ADD [EAX], AL
0x7ac0007 000400 ADD [EAX+EAX], AL
0x7ac000a 0000 ADD [EAX], AL
0x7ac000c ff DB 0xff
0x7ac000d ff00 INC DWORD [EAX]
0x7ac000f 00b800000000 ADD [EAX+0x0], BH
0x7ac0015 0000 ADD [EAX], AL
0x7ac0017 004000 ADD [EAX+0x0], AL
0x7ac001a 0000 ADD [EAX], AL
0x7ac001c 0000 ADD [EAX], AL
0x7ac001e 0000 ADD [EAX], AL
0x7ac0020 0000 ADD [EAX], AL
0x7ac0022 0000 ADD [EAX], AL
0x7ac0024 0000 ADD [EAX], AL
0x7ac0026 0000 ADD [EAX], AL
0x7ac0028 0000 ADD [EAX], AL
0x7ac002a 0000 ADD [EAX], AL
0x7ac002c 0000 ADD [EAX], AL
0x7ac002e 0000 ADD [EAX], AL
0x7ac0030 0000 ADD [EAX], AL
0x7ac0032 0000 ADD [EAX], AL
0x7ac0034 0000 ADD [EAX], AL
0x7ac0036 0000 ADD [EAX], AL
0x7ac0038 0000 ADD [EAX], AL
0x7ac003a 0000 ADD [EAX], AL
0x7ac003c 0001 ADD [ECX], AL
0x7ac003e 0000 ADD [EAX], AL
Process: svchost.exe Pid: 1120 Address: 0x7b20000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 4113, PrivateMemory: 1, Protection: 6
0x07b20000 c8 00 00 00 0f 01 00 00 ff ee ff ee 00 10 04 00 ................
0x07b20010 00 00 00 00 00 fe 00 00 00 00 10 00 00 20 00 00 ................
0x07b20020 00 02 00 00 00 20 00 00 30 21 20 00 ff ef fd 7f ........0!......
0x07b20030 21 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 !...............
0x7b20000 c8000000 ENTER 0x0, 0x0
0x7b20004 0f0100 SGDT DWORD [EAX]
0x7b20007 00ff ADD BH, BH
0x7b20009 ee OUT DX, AL
0x7b2000a ff DB 0xff
0x7b2000b ee OUT DX, AL
0x7b2000c 0010 ADD [EAX], DL
0x7b2000e 0400 ADD AL, 0x0
0x7b20010 0000 ADD [EAX], AL
0x7b20012 0000 ADD [EAX], AL
0x7b20014 00fe ADD DH, BH
0x7b20016 0000 ADD [EAX], AL
0x7b20018 0000 ADD [EAX], AL
0x7b2001a 1000 ADC [EAX], AL
0x7b2001c 0020 ADD [EAX], AH
0x7b2001e 0000 ADD [EAX], AL
0x7b20020 0002 ADD [EDX], AL
0x7b20022 0000 ADD [EAX], AL
0x7b20024 0020 ADD [EAX], AH
0x7b20026 0000 ADD [EAX], AL
0x7b20028 3021 XOR [ECX], AH
0x7b2002a 2000 AND [EAX], AL
0x7b2002c ff DB 0xff
0x7b2002d ef OUT DX, EAX
0x7b2002e fd STD
0x7b2002f 7f21 JG 0x7b20052
0x7b20031 0008 ADD [EAX], CL
0x7b20033 06 PUSH ES
0x7b20034 0000 ADD [EAX], AL
0x7b20036 0000 ADD [EAX], AL
0x7b20038 0000 ADD [EAX], AL
0x7b2003a 0000 ADD [EAX], AL
0x7b2003c 0000 ADD [EAX], AL
0x7b2003e 0000 ADD [EAX], AL
Process: svchost.exe Pid: 1120 Address: 0xb200000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 191, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x0b200000 4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 37 MZ.....[REU....7
0x0b200010 15 00 00 ff d3 89 c3 57 68 04 00 00 00 50 ff d0 .......Wh....P..
0x0b200020 68 e0 1d 2a 0a 68 05 00 00 00 50 ff d3 00 00 00 h..*.h....P.....
0x0b200030 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 ................
0xb200000 4d DEC EBP
0xb200001 5a POP EDX
0xb200002 e800000000 CALL 0xb200007
0xb200007 5b POP EBX
0xb200008 52 PUSH EDX
0xb200009 45 INC EBP
0xb20000a 55 PUSH EBP
0xb20000b 89e5 MOV EBP, ESP
0xb20000d 81c337150000 ADD EBX, 0x1537
0xb200013 ffd3 CALL EBX
0xb200015 89c3 MOV EBX, EAX
0xb200017 57 PUSH EDI
0xb200018 6804000000 PUSH DWORD 0x4
0xb20001d 50 PUSH EAX
0xb20001e ffd0 CALL EAX
0xb200020 68e01d2a0a PUSH DWORD 0xa2a1de0
0xb200025 6805000000 PUSH DWORD 0x5
0xb20002a 50 PUSH EAX
0xb20002b ffd3 CALL EBX
0xb20002d 0000 ADD [EAX], AL
0xb20002f 0000 ADD [EAX], AL
0xb200031 0000 ADD [EAX], AL
0xb200033 0000 ADD [EAX], AL
0xb200035 0000 ADD [EAX], AL
0xb200037 0000 ADD [EAX], AL
0xb200039 0000 ADD [EAX], AL
0xb20003b 00e0 ADD AL, AH
0xb20003d 0000 ADD [EAX], AL
0xb20003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0x9e40000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 184, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x09e40000 4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 37 MZ.....[REU....7
0x09e40010 15 00 00 ff d3 89 c3 57 68 04 00 00 00 50 ff d0 .......Wh....P..
0x09e40020 68 e0 1d 2a 0a 68 05 00 00 00 50 ff d3 00 00 00 h..*.h....P.....
0x09e40030 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 ................
0x9e40000 4d DEC EBP
0x9e40001 5a POP EDX
0x9e40002 e800000000 CALL 0x9e40007
0x9e40007 5b POP EBX
0x9e40008 52 PUSH EDX
0x9e40009 45 INC EBP
0x9e4000a 55 PUSH EBP
0x9e4000b 89e5 MOV EBP, ESP
0x9e4000d 81c337150000 ADD EBX, 0x1537
0x9e40013 ffd3 CALL EBX
0x9e40015 89c3 MOV EBX, EAX
0x9e40017 57 PUSH EDI
0x9e40018 6804000000 PUSH DWORD 0x4
0x9e4001d 50 PUSH EAX
0x9e4001e ffd0 CALL EAX
0x9e40020 68e01d2a0a PUSH DWORD 0xa2a1de0
0x9e40025 6805000000 PUSH DWORD 0x5
0x9e4002a 50 PUSH EAX
0x9e4002b ffd3 CALL EBX
0x9e4002d 0000 ADD [EAX], AL
0x9e4002f 0000 ADD [EAX], AL
0x9e40031 0000 ADD [EAX], AL
0x9e40033 0000 ADD [EAX], AL
0x9e40035 0000 ADD [EAX], AL
0x9e40037 0000 ADD [EAX], AL
0x9e40039 0000 ADD [EAX], AL
0x9e4003b 00e0 ADD AL, AH
0x9e4003d 0000 ADD [EAX], AL
0x9e4003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0x8dc0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 85, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x08dc0000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
0x08dc0010 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@.......
0x08dc0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x08dc0030 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ................
0x8dc0000 4d DEC EBP
0x8dc0001 5a POP EDX
0x8dc0002 90 NOP
0x8dc0003 0003 ADD [EBX], AL
0x8dc0005 0000 ADD [EAX], AL
0x8dc0007 000400 ADD [EAX+EAX], AL
0x8dc000a 0000 ADD [EAX], AL
0x8dc000c ff DB 0xff
0x8dc000d ff00 INC DWORD [EAX]
0x8dc000f 00b800000000 ADD [EAX+0x0], BH
0x8dc0015 0000 ADD [EAX], AL
0x8dc0017 004000 ADD [EAX+0x0], AL
0x8dc001a 0000 ADD [EAX], AL
0x8dc001c 0000 ADD [EAX], AL
0x8dc001e 0000 ADD [EAX], AL
0x8dc0020 0000 ADD [EAX], AL
0x8dc0022 0000 ADD [EAX], AL
0x8dc0024 0000 ADD [EAX], AL
0x8dc0026 0000 ADD [EAX], AL
0x8dc0028 0000 ADD [EAX], AL
0x8dc002a 0000 ADD [EAX], AL
0x8dc002c 0000 ADD [EAX], AL
0x8dc002e 0000 ADD [EAX], AL
0x8dc0030 0000 ADD [EAX], AL
0x8dc0032 0000 ADD [EAX], AL
0x8dc0034 0000 ADD [EAX], AL
0x8dc0036 0000 ADD [EAX], AL
0x8dc0038 0000 ADD [EAX], AL
0x8dc003a 0000 ADD [EAX], AL
0x8dc003c 0001 ADD [ECX], AL
0x8dc003e 0000 ADD [EAX], AL
Process: svchost.exe Pid: 1120 Address: 0x8c00000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 191, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x08c00000 4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 37 MZ.....[REU....7
0x08c00010 15 00 00 ff d3 89 c3 57 68 04 00 00 00 50 ff d0 .......Wh....P..
0x08c00020 68 e0 1d 2a 0a 68 05 00 00 00 50 ff d3 00 00 00 h..*.h....P.....
0x08c00030 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 ................
0x8c00000 4d DEC EBP
0x8c00001 5a POP EDX
0x8c00002 e800000000 CALL 0x8c00007
0x8c00007 5b POP EBX
0x8c00008 52 PUSH EDX
0x8c00009 45 INC EBP
0x8c0000a 55 PUSH EBP
0x8c0000b 89e5 MOV EBP, ESP
0x8c0000d 81c337150000 ADD EBX, 0x1537
0x8c00013 ffd3 CALL EBX
0x8c00015 89c3 MOV EBX, EAX
0x8c00017 57 PUSH EDI
0x8c00018 6804000000 PUSH DWORD 0x4
0x8c0001d 50 PUSH EAX
0x8c0001e ffd0 CALL EAX
0x8c00020 68e01d2a0a PUSH DWORD 0xa2a1de0
0x8c00025 6805000000 PUSH DWORD 0x5
0x8c0002a 50 PUSH EAX
0x8c0002b ffd3 CALL EBX
0x8c0002d 0000 ADD [EAX], AL
0x8c0002f 0000 ADD [EAX], AL
0x8c00031 0000 ADD [EAX], AL
0x8c00033 0000 ADD [EAX], AL
0x8c00035 0000 ADD [EAX], AL
0x8c00037 0000 ADD [EAX], AL
0x8c00039 0000 ADD [EAX], AL
0x8c0003b 00e0 ADD AL, AH
0x8c0003d 0000 ADD [EAX], AL
0x8c0003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0x8e20000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 4113, PrivateMemory: 1, Protection: 6
0x08e20000 c8 00 00 00 6f 01 00 00 ff ee ff ee 00 10 04 00 ....o...........
0x08e20010 00 00 00 00 00 fe 00 00 00 00 10 00 00 20 00 00 ................
0x08e20020 00 02 00 00 00 20 00 00 30 21 20 00 ff ef fd 7f ........0!......
0x08e20030 25 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 %...............
0x8e20000 c8000000 ENTER 0x0, 0x0
0x8e20004 6f OUTS DX, DWORD [ESI]
0x8e20005 0100 ADD [EAX], EAX
0x8e20007 00ff ADD BH, BH
0x8e20009 ee OUT DX, AL
0x8e2000a ff DB 0xff
0x8e2000b ee OUT DX, AL
0x8e2000c 0010 ADD [EAX], DL
0x8e2000e 0400 ADD AL, 0x0
0x8e20010 0000 ADD [EAX], AL
0x8e20012 0000 ADD [EAX], AL
0x8e20014 00fe ADD DH, BH
0x8e20016 0000 ADD [EAX], AL
0x8e20018 0000 ADD [EAX], AL
0x8e2001a 1000 ADC [EAX], AL
0x8e2001c 0020 ADD [EAX], AH
0x8e2001e 0000 ADD [EAX], AL
0x8e20020 0002 ADD [EDX], AL
0x8e20022 0000 ADD [EAX], AL
0x8e20024 0020 ADD [EAX], AH
0x8e20026 0000 ADD [EAX], AL
0x8e20028 3021 XOR [ECX], AH
0x8e2002a 2000 AND [EAX], AL
0x8e2002c ff DB 0xff
0x8e2002d ef OUT DX, EAX
0x8e2002e fd STD
0x8e2002f 7f25 JG 0x8e20056
0x8e20031 0008 ADD [EAX], CL
0x8e20033 06 PUSH ES
0x8e20034 0000 ADD [EAX], AL
0x8e20036 0000 ADD [EAX], AL
0x8e20038 0000 ADD [EAX], AL
0x8e2003a 0000 ADD [EAX], AL
0x8e2003c 0000 ADD [EAX], AL
0x8e2003e 0000 ADD [EAX], AL
Process: svchost.exe Pid: 1120 Address: 0xa120000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 4113, PrivateMemory: 1, Protection: 6
0x0a120000 c8 00 00 00 0b 01 00 00 ff ee ff ee 00 10 04 00 ................
0x0a120010 00 00 00 00 00 fe 00 00 00 00 10 00 00 20 00 00 ................
0x0a120020 00 02 00 00 00 20 00 00 30 21 20 00 ff ef fd 7f ........0!......
0x0a120030 29 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 )...............
0xa120000 c8000000 ENTER 0x0, 0x0
0xa120004 0b01 OR EAX, [ECX]
0xa120006 0000 ADD [EAX], AL
0xa120008 ff DB 0xff
0xa120009 ee OUT DX, AL
0xa12000a ff DB 0xff
0xa12000b ee OUT DX, AL
0xa12000c 0010 ADD [EAX], DL
0xa12000e 0400 ADD AL, 0x0
0xa120010 0000 ADD [EAX], AL
0xa120012 0000 ADD [EAX], AL
0xa120014 00fe ADD DH, BH
0xa120016 0000 ADD [EAX], AL
0xa120018 0000 ADD [EAX], AL
0xa12001a 1000 ADC [EAX], AL
0xa12001c 0020 ADD [EAX], AH
0xa12001e 0000 ADD [EAX], AL
0xa120020 0002 ADD [EDX], AL
0xa120022 0000 ADD [EAX], AL
0xa120024 0020 ADD [EAX], AH
0xa120026 0000 ADD [EAX], AL
0xa120028 3021 XOR [ECX], AH
0xa12002a 2000 AND [EAX], AL
0xa12002c ff DB 0xff
0xa12002d ef OUT DX, EAX
0xa12002e fd STD
0xa12002f 7f29 JG 0xa12005a
0xa120031 0008 ADD [EAX], CL
0xa120033 06 PUSH ES
0xa120034 0000 ADD [EAX], AL
0xa120036 0000 ADD [EAX], AL
0xa120038 0000 ADD [EAX], AL
0xa12003a 0000 ADD [EAX], AL
0xa12003c 0000 ADD [EAX], AL
0xa12003e 0000 ADD [EAX], AL
Process: svchost.exe Pid: 1120 Address: 0x9f00000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 191, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x09f00000 4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 37 MZ.....[REU....7
0x09f00010 15 00 00 ff d3 89 c3 57 68 04 00 00 00 50 ff d0 .......Wh....P..
0x09f00020 68 e0 1d 2a 0a 68 05 00 00 00 50 ff d3 00 00 00 h..*.h....P.....
0x09f00030 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 ................
0x9f00000 4d DEC EBP
0x9f00001 5a POP EDX
0x9f00002 e800000000 CALL 0x9f00007
0x9f00007 5b POP EBX
0x9f00008 52 PUSH EDX
0x9f00009 45 INC EBP
0x9f0000a 55 PUSH EBP
0x9f0000b 89e5 MOV EBP, ESP
0x9f0000d 81c337150000 ADD EBX, 0x1537
0x9f00013 ffd3 CALL EBX
0x9f00015 89c3 MOV EBX, EAX
0x9f00017 57 PUSH EDI
0x9f00018 6804000000 PUSH DWORD 0x4
0x9f0001d 50 PUSH EAX
0x9f0001e ffd0 CALL EAX
0x9f00020 68e01d2a0a PUSH DWORD 0xa2a1de0
0x9f00025 6805000000 PUSH DWORD 0x5
0x9f0002a 50 PUSH EAX
0x9f0002b ffd3 CALL EBX
0x9f0002d 0000 ADD [EAX], AL
0x9f0002f 0000 ADD [EAX], AL
0x9f00031 0000 ADD [EAX], AL
0x9f00033 0000 ADD [EAX], AL
0x9f00035 0000 ADD [EAX], AL
0x9f00037 0000 ADD [EAX], AL
0x9f00039 0000 ADD [EAX], AL
0x9f0003b 00e0 ADD AL, AH
0x9f0003d 0000 ADD [EAX], AL
0x9f0003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0xa0c0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 85, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x0a0c0000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
0x0a0c0010 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@.......
0x0a0c0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x0a0c0030 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ................
0xa0c0000 4d DEC EBP
0xa0c0001 5a POP EDX
0xa0c0002 90 NOP
0xa0c0003 0003 ADD [EBX], AL
0xa0c0005 0000 ADD [EAX], AL
0xa0c0007 000400 ADD [EAX+EAX], AL
0xa0c000a 0000 ADD [EAX], AL
0xa0c000c ff DB 0xff
0xa0c000d ff00 INC DWORD [EAX]
0xa0c000f 00b800000000 ADD [EAX+0x0], BH
0xa0c0015 0000 ADD [EAX], AL
0xa0c0017 004000 ADD [EAX+0x0], AL
0xa0c001a 0000 ADD [EAX], AL
0xa0c001c 0000 ADD [EAX], AL
0xa0c001e 0000 ADD [EAX], AL
0xa0c0020 0000 ADD [EAX], AL
0xa0c0022 0000 ADD [EAX], AL
0xa0c0024 0000 ADD [EAX], AL
0xa0c0026 0000 ADD [EAX], AL
0xa0c0028 0000 ADD [EAX], AL
0xa0c002a 0000 ADD [EAX], AL
0xa0c002c 0000 ADD [EAX], AL
0xa0c002e 0000 ADD [EAX], AL
0xa0c0030 0000 ADD [EAX], AL
0xa0c0032 0000 ADD [EAX], AL
0xa0c0034 0000 ADD [EAX], AL
0xa0c0036 0000 ADD [EAX], AL
0xa0c0038 0000 ADD [EAX], AL
0xa0c003a 0000 ADD [EAX], AL
0xa0c003c 0001 ADD [ECX], AL
0xa0c003e 0000 ADD [EAX], AL
Process: svchost.exe Pid: 1120 Address: 0xb140000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 184, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x0b140000 4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 37 MZ.....[REU....7
0x0b140010 15 00 00 ff d3 89 c3 57 68 04 00 00 00 50 ff d0 .......Wh....P..
0x0b140020 68 e0 1d 2a 0a 68 05 00 00 00 50 ff d3 00 00 00 h..*.h....P.....
0x0b140030 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 ................
0xb140000 4d DEC EBP
0xb140001 5a POP EDX
0xb140002 e800000000 CALL 0xb140007
0xb140007 5b POP EBX
0xb140008 52 PUSH EDX
0xb140009 45 INC EBP
0xb14000a 55 PUSH EBP
0xb14000b 89e5 MOV EBP, ESP
0xb14000d 81c337150000 ADD EBX, 0x1537
0xb140013 ffd3 CALL EBX
0xb140015 89c3 MOV EBX, EAX
0xb140017 57 PUSH EDI
0xb140018 6804000000 PUSH DWORD 0x4
0xb14001d 50 PUSH EAX
0xb14001e ffd0 CALL EAX
0xb140020 68e01d2a0a PUSH DWORD 0xa2a1de0
0xb140025 6805000000 PUSH DWORD 0x5
0xb14002a 50 PUSH EAX
0xb14002b ffd3 CALL EBX
0xb14002d 0000 ADD [EAX], AL
0xb14002f 0000 ADD [EAX], AL
0xb140031 0000 ADD [EAX], AL
0xb140033 0000 ADD [EAX], AL
0xb140035 0000 ADD [EAX], AL
0xb140037 0000 ADD [EAX], AL
0xb140039 0000 ADD [EAX], AL
0xb14003b 00e0 ADD AL, AH
0xb14003d 0000 ADD [EAX], AL
0xb14003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0xb3c0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 85, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x0b3c0000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
0x0b3c0010 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@.......
0x0b3c0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x0b3c0030 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ................
0xb3c0000 4d DEC EBP
0xb3c0001 5a POP EDX
0xb3c0002 90 NOP
0xb3c0003 0003 ADD [EBX], AL
0xb3c0005 0000 ADD [EAX], AL
0xb3c0007 000400 ADD [EAX+EAX], AL
0xb3c000a 0000 ADD [EAX], AL
0xb3c000c ff DB 0xff
0xb3c000d ff00 INC DWORD [EAX]
0xb3c000f 00b800000000 ADD [EAX+0x0], BH
0xb3c0015 0000 ADD [EAX], AL
0xb3c0017 004000 ADD [EAX+0x0], AL
0xb3c001a 0000 ADD [EAX], AL
0xb3c001c 0000 ADD [EAX], AL
0xb3c001e 0000 ADD [EAX], AL
0xb3c0020 0000 ADD [EAX], AL
0xb3c0022 0000 ADD [EAX], AL
0xb3c0024 0000 ADD [EAX], AL
0xb3c0026 0000 ADD [EAX], AL
0xb3c0028 0000 ADD [EAX], AL
0xb3c002a 0000 ADD [EAX], AL
0xb3c002c 0000 ADD [EAX], AL
0xb3c002e 0000 ADD [EAX], AL
0xb3c0030 0000 ADD [EAX], AL
0xb3c0032 0000 ADD [EAX], AL
0xb3c0034 0000 ADD [EAX], AL
0xb3c0036 0000 ADD [EAX], AL
0xb3c0038 0000 ADD [EAX], AL
0xb3c003a 0000 ADD [EAX], AL
0xb3c003c 0001 ADD [ECX], AL
0xb3c003e 0000 ADD [EAX], AL
Process: svchost.exe Pid: 1120 Address: 0xb4a0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 43, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x0b4a0000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
0x0b4a0010 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@.......
0x0b4a0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x0b4a0030 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 ................
0xb4a0000 4d DEC EBP
0xb4a0001 5a POP EDX
0xb4a0002 90 NOP
0xb4a0003 0003 ADD [EBX], AL
0xb4a0005 0000 ADD [EAX], AL
0xb4a0007 000400 ADD [EAX+EAX], AL
0xb4a000a 0000 ADD [EAX], AL
0xb4a000c ff DB 0xff
0xb4a000d ff00 INC DWORD [EAX]
0xb4a000f 00b800000000 ADD [EAX+0x0], BH
0xb4a0015 0000 ADD [EAX], AL
0xb4a0017 004000 ADD [EAX+0x0], AL
0xb4a001a 0000 ADD [EAX], AL
0xb4a001c 0000 ADD [EAX], AL
0xb4a001e 0000 ADD [EAX], AL
0xb4a0020 0000 ADD [EAX], AL
0xb4a0022 0000 ADD [EAX], AL
0xb4a0024 0000 ADD [EAX], AL
0xb4a0026 0000 ADD [EAX], AL
0xb4a0028 0000 ADD [EAX], AL
0xb4a002a 0000 ADD [EAX], AL
0xb4a002c 0000 ADD [EAX], AL
0xb4a002e 0000 ADD [EAX], AL
0xb4a0030 0000 ADD [EAX], AL
0xb4a0032 0000 ADD [EAX], AL
0xb4a0034 0000 ADD [EAX], AL
0xb4a0036 0000 ADD [EAX], AL
0xb4a0038 0000 ADD [EAX], AL
0xb4a003a 0000 ADD [EAX], AL
0xb4a003c e8 DB 0xe8
0xb4a003d 0000 ADD [EAX], AL
0xb4a003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0xb420000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 85, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x0b420000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
0x0b420010 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@.......
0x0b420020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x0b420030 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ................
0xb420000 4d DEC EBP
0xb420001 5a POP EDX
0xb420002 90 NOP
0xb420003 0003 ADD [EBX], AL
0xb420005 0000 ADD [EAX], AL
0xb420007 000400 ADD [EAX+EAX], AL
0xb42000a 0000 ADD [EAX], AL
0xb42000c ff DB 0xff
0xb42000d ff00 INC DWORD [EAX]
0xb42000f 00b800000000 ADD [EAX+0x0], BH
0xb420015 0000 ADD [EAX], AL
0xb420017 004000 ADD [EAX+0x0], AL
0xb42001a 0000 ADD [EAX], AL
0xb42001c 0000 ADD [EAX], AL
0xb42001e 0000 ADD [EAX], AL
0xb420020 0000 ADD [EAX], AL
0xb420022 0000 ADD [EAX], AL
0xb420024 0000 ADD [EAX], AL
0xb420026 0000 ADD [EAX], AL
0xb420028 0000 ADD [EAX], AL
0xb42002a 0000 ADD [EAX], AL
0xb42002c 0000 ADD [EAX], AL
0xb42002e 0000 ADD [EAX], AL
0xb420030 0000 ADD [EAX], AL
0xb420032 0000 ADD [EAX], AL
0xb420034 0000 ADD [EAX], AL
0xb420036 0000 ADD [EAX], AL
0xb420038 0000 ADD [EAX], AL
0xb42003a 0000 ADD [EAX], AL
0xb42003c 0001 ADD [ECX], AL
0xb42003e 0000 ADD [EAX], AL
Process: svchost.exe Pid: 1120 Address: 0xb480000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 28, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x0b480000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
0x0b480010 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@.......
0x0b480020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x0b480030 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 ................
0xb480000 4d DEC EBP
0xb480001 5a POP EDX
0xb480002 90 NOP
0xb480003 0003 ADD [EBX], AL
0xb480005 0000 ADD [EAX], AL
0xb480007 000400 ADD [EAX+EAX], AL
0xb48000a 0000 ADD [EAX], AL
0xb48000c ff DB 0xff
0xb48000d ff00 INC DWORD [EAX]
0xb48000f 00b800000000 ADD [EAX+0x0], BH
0xb480015 0000 ADD [EAX], AL
0xb480017 004000 ADD [EAX+0x0], AL
0xb48001a 0000 ADD [EAX], AL
0xb48001c 0000 ADD [EAX], AL
0xb48001e 0000 ADD [EAX], AL
0xb480020 0000 ADD [EAX], AL
0xb480022 0000 ADD [EAX], AL
0xb480024 0000 ADD [EAX], AL
0xb480026 0000 ADD [EAX], AL
0xb480028 0000 ADD [EAX], AL
0xb48002a 0000 ADD [EAX], AL
0xb48002c 0000 ADD [EAX], AL
0xb48002e 0000 ADD [EAX], AL
0xb480030 0000 ADD [EAX], AL
0xb480032 0000 ADD [EAX], AL
0xb480034 0000 ADD [EAX], AL
0xb480036 0000 ADD [EAX], AL
0xb480038 0000 ADD [EAX], AL
0xb48003a 0000 ADD [EAX], AL
0xb48003c f00000 LOCK ADD [EAX], AL
0xb48003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0xb4d0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 184, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x0b4d0000 4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 37 MZ.....[REU....7
0x0b4d0010 15 00 00 ff d3 89 c3 57 68 04 00 00 00 50 ff d0 .......Wh....P..
0x0b4d0020 68 e0 1d 2a 0a 68 05 00 00 00 50 ff d3 00 00 00 h..*.h....P.....
0x0b4d0030 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 ................
0xb4d0000 4d DEC EBP
0xb4d0001 5a POP EDX
0xb4d0002 e800000000 CALL 0xb4d0007
0xb4d0007 5b POP EBX
0xb4d0008 52 PUSH EDX
0xb4d0009 45 INC EBP
0xb4d000a 55 PUSH EBP
0xb4d000b 89e5 MOV EBP, ESP
0xb4d000d 81c337150000 ADD EBX, 0x1537
0xb4d0013 ffd3 CALL EBX
0xb4d0015 89c3 MOV EBX, EAX
0xb4d0017 57 PUSH EDI
0xb4d0018 6804000000 PUSH DWORD 0x4
0xb4d001d 50 PUSH EAX
0xb4d001e ffd0 CALL EAX
0xb4d0020 68e01d2a0a PUSH DWORD 0xa2a1de0
0xb4d0025 6805000000 PUSH DWORD 0x5
0xb4d002a 50 PUSH EAX
0xb4d002b ffd3 CALL EBX
0xb4d002d 0000 ADD [EAX], AL
0xb4d002f 0000 ADD [EAX], AL
0xb4d0031 0000 ADD [EAX], AL
0xb4d0033 0000 ADD [EAX], AL
0xb4d0035 0000 ADD [EAX], AL
0xb4d0037 0000 ADD [EAX], AL
0xb4d0039 0000 ADD [EAX], AL
0xb4d003b 00e0 ADD AL, AH
0xb4d003d 0000 ADD [EAX], AL
0xb4d003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0xb590000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 191, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x0b590000 4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 37 MZ.....[REU....7
0x0b590010 15 00 00 ff d3 89 c3 57 68 04 00 00 00 50 ff d0 .......Wh....P..
0x0b590020 68 e0 1d 2a 0a 68 05 00 00 00 50 ff d3 00 00 00 h..*.h....P.....
0x0b590030 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 ................
0xb590000 4d DEC EBP
0xb590001 5a POP EDX
0xb590002 e800000000 CALL 0xb590007
0xb590007 5b POP EBX
0xb590008 52 PUSH EDX
0xb590009 45 INC EBP
0xb59000a 55 PUSH EBP
0xb59000b 89e5 MOV EBP, ESP
0xb59000d 81c337150000 ADD EBX, 0x1537
0xb590013 ffd3 CALL EBX
0xb590015 89c3 MOV EBX, EAX
0xb590017 57 PUSH EDI
0xb590018 6804000000 PUSH DWORD 0x4
0xb59001d 50 PUSH EAX
0xb59001e ffd0 CALL EAX
0xb590020 68e01d2a0a PUSH DWORD 0xa2a1de0
0xb590025 6805000000 PUSH DWORD 0x5
0xb59002a 50 PUSH EAX
0xb59002b ffd3 CALL EBX
0xb59002d 0000 ADD [EAX], AL
0xb59002f 0000 ADD [EAX], AL
0xb590031 0000 ADD [EAX], AL
0xb590033 0000 ADD [EAX], AL
0xb590035 0000 ADD [EAX], AL
0xb590037 0000 ADD [EAX], AL
0xb590039 0000 ADD [EAX], AL
0xb59003b 00e0 ADD AL, AH
0xb59003d 0000 ADD [EAX], AL
0xb59003f 00 DB 0x0
Process: svchost.exe Pid: 1120 Address: 0xbf60000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 4113, PrivateMemory: 1, Protection: 6
0x0bf60000 c8 00 00 00 61 01 00 00 ff ee ff ee 00 10 04 00 ....a...........
0x0bf60010 00 00 00 00 00 fe 00 00 00 00 10 00 00 20 00 00 ................
0x0bf60020 00 02 00 00 00 20 00 00 30 21 20 00 ff ef fd 7f ........0!......
0x0bf60030 2e 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xbf60000 c8000000 ENTER 0x0, 0x0
0xbf60004 61 POPA
0xbf60005 0100 ADD [EAX], EAX
0xbf60007 00ff ADD BH, BH
0xbf60009 ee OUT DX, AL
0xbf6000a ff DB 0xff
0xbf6000b ee OUT DX, AL
0xbf6000c 0010 ADD [EAX], DL
0xbf6000e 0400 ADD AL, 0x0
0xbf60010 0000 ADD [EAX], AL
0xbf60012 0000 ADD [EAX], AL
0xbf60014 00fe ADD DH, BH
0xbf60016 0000 ADD [EAX], AL
0xbf60018 0000 ADD [EAX], AL
0xbf6001a 1000 ADC [EAX], AL
0xbf6001c 0020 ADD [EAX], AH
0xbf6001e 0000 ADD [EAX], AL
0xbf60020 0002 ADD [EDX], AL
0xbf60022 0000 ADD [EAX], AL
0xbf60024 0020 ADD [EAX], AH
0xbf60026 0000 ADD [EAX], AL
0xbf60028 3021 XOR [ECX], AH
0xbf6002a 2000 AND [EAX], AL
0xbf6002c ff DB 0xff
0xbf6002d ef OUT DX, EAX
0xbf6002e fd STD
0xbf6002f 7f2e JG 0xbf6005f
0xbf60031 0008 ADD [EAX], CL
0xbf60033 06 PUSH ES
0xbf60034 0000 ADD [EAX], AL
0xbf60036 0000 ADD [EAX], AL
0xbf60038 0000 ADD [EAX], AL
0xbf6003a 0000 ADD [EAX], AL
0xbf6003c 0000 ADD [EAX], AL
0xbf6003e 0000 ADD [EAX], AL
Process: explorer.exe Pid: 2012 Address: 0x1930000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x01930000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x01930010 00 00 93 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x01930020 10 00 93 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x01930030 20 00 93 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x1930000 0000 ADD [EAX], AL
0x1930002 0000 ADD [EAX], AL
0x1930004 0000 ADD [EAX], AL
0x1930006 0000 ADD [EAX], AL
0x1930008 0000 ADD [EAX], AL
0x193000a 0000 ADD [EAX], AL
0x193000c 0000 ADD [EAX], AL
0x193000e 0000 ADD [EAX], AL
0x1930010 0000 ADD [EAX], AL
0x1930012 93 XCHG EBX, EAX
0x1930013 0100 ADD [EAX], EAX
0x1930015 0000 ADD [EAX], AL
0x1930017 0000 ADD [EAX], AL
0x1930019 0000 ADD [EAX], AL
0x193001b 0000 ADD [EAX], AL
0x193001d 0000 ADD [EAX], AL
0x193001f 0010 ADD [EAX], DL
0x1930021 009301000000 ADD [EBX+0x1], DL
0x1930027 0000 ADD [EAX], AL
0x1930029 0000 ADD [EAX], AL
0x193002b 0000 ADD [EAX], AL
0x193002d 0000 ADD [EAX], AL
0x193002f 0020 ADD [EAX], AH
0x1930031 009301000000 ADD [EBX+0x1], DL
0x1930037 0000 ADD [EAX], AL
0x1930039 0000 ADD [EAX], AL
0x193003b 0000 ADD [EAX], AL
0x193003d 0000 ADD [EAX], AL
0x193003f 00 DB 0x0
Process: chrome.exe Pid: 1796 Address: 0x63a0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x063a0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x063a0010 00 00 3a 06 00 00 00 00 00 00 00 00 00 00 00 00 ..:.............
0x063a0020 10 00 3a 06 00 00 00 00 00 00 00 00 00 00 00 00 ..:.............
0x063a0030 20 00 3a 06 00 00 00 00 00 00 00 00 00 00 00 00 ..:.............
0x63a0000 0000 ADD [EAX], AL
0x63a0002 0000 ADD [EAX], AL
0x63a0004 0000 ADD [EAX], AL
0x63a0006 0000 ADD [EAX], AL
0x63a0008 0000 ADD [EAX], AL
0x63a000a 0000 ADD [EAX], AL
0x63a000c 0000 ADD [EAX], AL
0x63a000e 0000 ADD [EAX], AL
0x63a0010 0000 ADD [EAX], AL
0x63a0012 3a06 CMP AL, [ESI]
0x63a0014 0000 ADD [EAX], AL
0x63a0016 0000 ADD [EAX], AL
0x63a0018 0000 ADD [EAX], AL
0x63a001a 0000 ADD [EAX], AL
0x63a001c 0000 ADD [EAX], AL
0x63a001e 0000 ADD [EAX], AL
0x63a0020 1000 ADC [EAX], AL
0x63a0022 3a06 CMP AL, [ESI]
0x63a0024 0000 ADD [EAX], AL
0x63a0026 0000 ADD [EAX], AL
0x63a0028 0000 ADD [EAX], AL
0x63a002a 0000 ADD [EAX], AL
0x63a002c 0000 ADD [EAX], AL
0x63a002e 0000 ADD [EAX], AL
0x63a0030 2000 AND [EAX], AL
0x63a0032 3a06 CMP AL, [ESI]
0x63a0034 0000 ADD [EAX], AL
0x63a0036 0000 ADD [EAX], AL
0x63a0038 0000 ADD [EAX], AL
0x63a003a 0000 ADD [EAX], AL
0x63a003c 0000 ADD [EAX], AL
0x63a003e 0000 ADD [EAX], AL
Process: chrome.exe Pid: 1480 Address: 0x7500000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x07500000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 89 SRW.D$..\$..T$..
0x07500010 d7 81 e7 00 00 f0 7f 81 ff 00 00 e0 43 72 3c 81 ............Cr<.
0x07500020 ff 00 00 f0 7f 75 11 dd d8 68 00 00 f8 7f 6a 00 .....u...h....j.
0x07500030 dd 04 24 83 c4 08 eb 25 89 c7 d9 eb dc c0 d9 c1 ..$....%........
0x7500000 53 PUSH EBX
0x7500001 52 PUSH EDX
0x7500002 57 PUSH EDI
0x7500003 dd442410 FLD QWORD [ESP+0x10]
0x7500007 8b5c2410 MOV EBX, [ESP+0x10]
0x750000b 8b542414 MOV EDX, [ESP+0x14]
0x750000f 89d7 MOV EDI, EDX
0x7500011 81e70000f07f AND EDI, 0x7ff00000
0x7500017 81ff0000e043 CMP EDI, 0x43e00000
0x750001d 723c JB 0x750005b
0x750001f 81ff0000f07f CMP EDI, 0x7ff00000
0x7500025 7511 JNZ 0x7500038
0x7500027 ddd8 FSTP ST0
0x7500029 680000f87f PUSH DWORD 0x7ff80000
0x750002e 6a00 PUSH 0x0
0x7500030 dd0424 FLD QWORD [ESP]
0x7500033 83c408 ADD ESP, 0x8
0x7500036 eb25 JMP 0x750005d
0x7500038 89c7 MOV EDI, EAX
0x750003a d9eb FLDPI
0x750003c dcc0 FADD ST0, ST0
0x750003e d9c1 FLD ST1
Process: chrome.exe Pid: 1480 Address: 0xd700000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x0d700000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 f3 0f WV.|$..t$..L$...
0x0d700010 6f 06 f3 0f 7f 07 89 fa 83 e2 0f f7 da 83 c2 10 o...............
0x0d700020 03 fa 03 f2 2b ca f7 c6 0f 00 00 00 0f 85 5e 00 ....+.........^.
0x0d700030 00 00 89 ca c1 e9 05 0f 18 4e 20 66 0f 6f 06 66 .........N.f.o.f
0xd700000 57 PUSH EDI
0xd700001 56 PUSH ESI
0xd700002 8b7c240c MOV EDI, [ESP+0xc]
0xd700006 8b742410 MOV ESI, [ESP+0x10]
0xd70000a 8b4c2414 MOV ECX, [ESP+0x14]
0xd70000e f30f6f06 MOVDQU XMM0, [ESI]
0xd700012 f30f7f07 MOVDQU [EDI], XMM0
0xd700016 89fa MOV EDX, EDI
0xd700018 83e20f AND EDX, 0xf
0xd70001b f7da NEG EDX
0xd70001d 83c210 ADD EDX, 0x10
0xd700020 03fa ADD EDI, EDX
0xd700022 03f2 ADD ESI, EDX
0xd700024 2bca SUB ECX, EDX
0xd700026 f7c60f000000 TEST ESI, 0xf
0xd70002c 0f855e000000 JNZ 0xd700090
0xd700032 89ca MOV EDX, ECX
0xd700034 c1e905 SHR ECX, 0x5
0xd700037 0f184e20 PREFETCHT0 [ESI+0x20]
0xd70003b 660f6f06 MOVDQA XMM0, [ESI]
0xd70003f 66 DB 0x66
Process: chrome.exe Pid: 1480 Address: 0x2dd00000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x2dd00000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 89 SRW.D$..\$..T$..
0x2dd00010 d7 81 e7 00 00 f0 7f 81 ff 00 00 e0 43 72 3c 81 ............Cr<.
0x2dd00020 ff 00 00 f0 7f 75 11 dd d8 68 00 00 f8 7f 6a 00 .....u...h....j.
0x2dd00030 dd 04 24 83 c4 08 eb 25 89 c7 d9 eb dc c0 d9 c1 ..$....%........
0x2dd00000 53 PUSH EBX
0x2dd00001 52 PUSH EDX
0x2dd00002 57 PUSH EDI
0x2dd00003 dd442410 FLD QWORD [ESP+0x10]
0x2dd00007 8b5c2410 MOV EBX, [ESP+0x10]
0x2dd0000b 8b542414 MOV EDX, [ESP+0x14]
0x2dd0000f 89d7 MOV EDI, EDX
0x2dd00011 81e70000f07f AND EDI, 0x7ff00000
0x2dd00017 81ff0000e043 CMP EDI, 0x43e00000
0x2dd0001d 723c JB 0x2dd0005b
0x2dd0001f 81ff0000f07f CMP EDI, 0x7ff00000
0x2dd00025 7511 JNZ 0x2dd00038
0x2dd00027 ddd8 FSTP ST0
0x2dd00029 680000f87f PUSH DWORD 0x7ff80000
0x2dd0002e 6a00 PUSH 0x0
0x2dd00030 dd0424 FLD QWORD [ESP]
0x2dd00033 83c408 ADD ESP, 0x8
0x2dd00036 eb25 JMP 0x2dd0005d
0x2dd00038 89c7 MOV EDI, EAX
0x2dd0003a d9eb FLDPI
0x2dd0003c dcc0 FADD ST0, ST0
0x2dd0003e d9c1 FLD ST1
Process: chrome.exe Pid: 1480 Address: 0x17800000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x17800000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 89 SRW.D$..\$..T$..
0x17800010 d7 81 e7 00 00 f0 7f 81 ff 00 00 e0 43 72 3c 81 ............Cr<.
0x17800020 ff 00 00 f0 7f 75 11 dd d8 68 00 00 f8 7f 6a 00 .....u...h....j.
0x17800030 dd 04 24 83 c4 08 eb 27 89 c7 d9 eb dc c0 d9 c1 ..$....'........
0x17800000 53 PUSH EBX
0x17800001 52 PUSH EDX
0x17800002 57 PUSH EDI
0x17800003 dd442410 FLD QWORD [ESP+0x10]
0x17800007 8b5c2410 MOV EBX, [ESP+0x10]
0x1780000b 8b542414 MOV EDX, [ESP+0x14]
0x1780000f 89d7 MOV EDI, EDX
0x17800011 81e70000f07f AND EDI, 0x7ff00000
0x17800017 81ff0000e043 CMP EDI, 0x43e00000
0x1780001d 723c JB 0x1780005b
0x1780001f 81ff0000f07f CMP EDI, 0x7ff00000
0x17800025 7511 JNZ 0x17800038
0x17800027 ddd8 FSTP ST0
0x17800029 680000f87f PUSH DWORD 0x7ff80000
0x1780002e 6a00 PUSH 0x0
0x17800030 dd0424 FLD QWORD [ESP]
0x17800033 83c408 ADD ESP, 0x8
0x17800036 eb27 JMP 0x1780005f
0x17800038 89c7 MOV EDI, EAX
0x1780003a d9eb FLDPI
0x1780003c dcc0 FADD ST0, ST0
0x1780003e d9c1 FLD ST1
Process: chrome.exe Pid: 1480 Address: 0x24700000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x24700000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 d9 SRW.D$..\$..T$..
0x24700010 ed d9 c9 d9 f1 5f 5a 5b c3 00 00 00 00 00 00 00 ....._Z[........
0x24700020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x24700030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x24700000 53 PUSH EBX
0x24700001 52 PUSH EDX
0x24700002 57 PUSH EDI
0x24700003 dd442410 FLD QWORD [ESP+0x10]
0x24700007 8b5c2410 MOV EBX, [ESP+0x10]
0x2470000b 8b542414 MOV EDX, [ESP+0x14]
0x2470000f d9ed FLDLN2
0x24700011 d9c9 FXCH
0x24700013 d9f1 FYL2X
0x24700015 5f POP EDI
0x24700016 5a POP EDX
0x24700017 5b POP EBX
0x24700018 c3 RET
0x24700019 0000 ADD [EAX], AL
0x2470001b 0000 ADD [EAX], AL
0x2470001d 0000 ADD [EAX], AL
0x2470001f 0000 ADD [EAX], AL
0x24700021 0000 ADD [EAX], AL
0x24700023 0000 ADD [EAX], AL
0x24700025 0000 ADD [EAX], AL
0x24700027 0000 ADD [EAX], AL
0x24700029 0000 ADD [EAX], AL
0x2470002b 0000 ADD [EAX], AL
0x2470002d 0000 ADD [EAX], AL
0x2470002f 0000 ADD [EAX], AL
0x24700031 0000 ADD [EAX], AL
0x24700033 0000 ADD [EAX], AL
0x24700035 0000 ADD [EAX], AL
0x24700037 0000 ADD [EAX], AL
0x24700039 0000 ADD [EAX], AL
0x2470003b 0000 ADD [EAX], AL
0x2470003d 0000 ADD [EAX], AL
0x2470003f 00 DB 0x0
Process: chrome.exe Pid: 1480 Address: 0x3c000000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x3c000000 f2 0f 10 44 24 04 f2 0f 51 c0 f2 0f 11 44 24 04 ...D$...Q....D$.
0x3c000010 dd 44 24 04 c3 00 00 00 00 00 00 00 00 00 00 00 .D$.............
0x3c000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x3c000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x3c000000 f20f10442404 MOVSD XMM0, [ESP+0x4]
0x3c000006 f20f51c0 SQRTSD XMM0, XMM0
0x3c00000a f20f11442404 MOVSD [ESP+0x4], XMM0
0x3c000010 dd442404 FLD QWORD [ESP+0x4]
0x3c000014 c3 RET
0x3c000015 0000 ADD [EAX], AL
0x3c000017 0000 ADD [EAX], AL
0x3c000019 0000 ADD [EAX], AL
0x3c00001b 0000 ADD [EAX], AL
0x3c00001d 0000 ADD [EAX], AL
0x3c00001f 0000 ADD [EAX], AL
0x3c000021 0000 ADD [EAX], AL
0x3c000023 0000 ADD [EAX], AL
0x3c000025 0000 ADD [EAX], AL
0x3c000027 0000 ADD [EAX], AL
0x3c000029 0000 ADD [EAX], AL
0x3c00002b 0000 ADD [EAX], AL
0x3c00002d 0000 ADD [EAX], AL
0x3c00002f 0000 ADD [EAX], AL
0x3c000031 0000 ADD [EAX], AL
0x3c000033 0000 ADD [EAX], AL
0x3c000035 0000 ADD [EAX], AL
0x3c000037 0000 ADD [EAX], AL
0x3c000039 0000 ADD [EAX], AL
0x3c00003b 0000 ADD [EAX], AL
0x3c00003d 0000 ADD [EAX], AL
0x3c00003f 00 DB 0x0
Process: chrome.exe Pid: 1308 Address: 0xed00000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x0ed00000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 89 SRW.D$..\$..T$..
0x0ed00010 d7 81 e7 00 00 f0 7f 81 ff 00 00 e0 43 72 3c 81 ............Cr<.
0x0ed00020 ff 00 00 f0 7f 75 11 dd d8 68 00 00 f8 7f 6a 00 .....u...h....j.
0x0ed00030 dd 04 24 83 c4 08 eb 27 89 c7 d9 eb dc c0 d9 c1 ..$....'........
0xed00000 53 PUSH EBX
0xed00001 52 PUSH EDX
0xed00002 57 PUSH EDI
0xed00003 dd442410 FLD QWORD [ESP+0x10]
0xed00007 8b5c2410 MOV EBX, [ESP+0x10]
0xed0000b 8b542414 MOV EDX, [ESP+0x14]
0xed0000f 89d7 MOV EDI, EDX
0xed00011 81e70000f07f AND EDI, 0x7ff00000
0xed00017 81ff0000e043 CMP EDI, 0x43e00000
0xed0001d 723c JB 0xed0005b
0xed0001f 81ff0000f07f CMP EDI, 0x7ff00000
0xed00025 7511 JNZ 0xed00038
0xed00027 ddd8 FSTP ST0
0xed00029 680000f87f PUSH DWORD 0x7ff80000
0xed0002e 6a00 PUSH 0x0
0xed00030 dd0424 FLD QWORD [ESP]
0xed00033 83c408 ADD ESP, 0x8
0xed00036 eb27 JMP 0xed0005f
0xed00038 89c7 MOV EDI, EAX
0xed0003a d9eb FLDPI
0xed0003c dcc0 FADD ST0, ST0
0xed0003e d9c1 FLD ST1
Process: chrome.exe Pid: 1308 Address: 0x36800000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x36800000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 89 SRW.D$..\$..T$..
0x36800010 d7 81 e7 00 00 f0 7f 81 ff 00 00 e0 43 72 3c 81 ............Cr<.
0x36800020 ff 00 00 f0 7f 75 11 dd d8 68 00 00 f8 7f 6a 00 .....u...h....j.
0x36800030 dd 04 24 83 c4 08 eb 25 89 c7 d9 eb dc c0 d9 c1 ..$....%........
0x36800000 53 PUSH EBX
0x36800001 52 PUSH EDX
0x36800002 57 PUSH EDI
0x36800003 dd442410 FLD QWORD [ESP+0x10]
0x36800007 8b5c2410 MOV EBX, [ESP+0x10]
0x3680000b 8b542414 MOV EDX, [ESP+0x14]
0x3680000f 89d7 MOV EDI, EDX
0x36800011 81e70000f07f AND EDI, 0x7ff00000
0x36800017 81ff0000e043 CMP EDI, 0x43e00000
0x3680001d 723c JB 0x3680005b
0x3680001f 81ff0000f07f CMP EDI, 0x7ff00000
0x36800025 7511 JNZ 0x36800038
0x36800027 ddd8 FSTP ST0
0x36800029 680000f87f PUSH DWORD 0x7ff80000
0x3680002e 6a00 PUSH 0x0
0x36800030 dd0424 FLD QWORD [ESP]
0x36800033 83c408 ADD ESP, 0x8
0x36800036 eb25 JMP 0x3680005d
0x36800038 89c7 MOV EDI, EAX
0x3680003a d9eb FLDPI
0x3680003c dcc0 FADD ST0, ST0
0x3680003e d9c1 FLD ST1
Process: chrome.exe Pid: 1308 Address: 0x2fa00000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x2fa00000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 89 SRW.D$..\$..T$..
0x2fa00010 d7 81 e7 00 00 f0 7f 81 ff 00 00 e0 43 72 3c 81 ............Cr<.
0x2fa00020 ff 00 00 f0 7f 75 11 dd d8 68 00 00 f8 7f 6a 00 .....u...h....j.
0x2fa00030 dd 04 24 83 c4 08 eb 25 89 c7 d9 eb dc c0 d9 c1 ..$....%........
0x2fa00000 53 PUSH EBX
0x2fa00001 52 PUSH EDX
0x2fa00002 57 PUSH EDI
0x2fa00003 dd442410 FLD QWORD [ESP+0x10]
0x2fa00007 8b5c2410 MOV EBX, [ESP+0x10]
0x2fa0000b 8b542414 MOV EDX, [ESP+0x14]
0x2fa0000f 89d7 MOV EDI, EDX
0x2fa00011 81e70000f07f AND EDI, 0x7ff00000
0x2fa00017 81ff0000e043 CMP EDI, 0x43e00000
0x2fa0001d 723c JB 0x2fa0005b
0x2fa0001f 81ff0000f07f CMP EDI, 0x7ff00000
0x2fa00025 7511 JNZ 0x2fa00038
0x2fa00027 ddd8 FSTP ST0
0x2fa00029 680000f87f PUSH DWORD 0x7ff80000
0x2fa0002e 6a00 PUSH 0x0
0x2fa00030 dd0424 FLD QWORD [ESP]
0x2fa00033 83c408 ADD ESP, 0x8
0x2fa00036 eb25 JMP 0x2fa0005d
0x2fa00038 89c7 MOV EDI, EAX
0x2fa0003a d9eb FLDPI
0x2fa0003c dcc0 FADD ST0, ST0
0x2fa0003e d9c1 FLD ST1
Process: chrome.exe Pid: 1308 Address: 0x1f800000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x1f800000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 d9 SRW.D$..\$..T$..
0x1f800010 ed d9 c9 d9 f1 5f 5a 5b c3 00 00 00 00 00 00 00 ....._Z[........
0x1f800020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x1f800030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x1f800000 53 PUSH EBX
0x1f800001 52 PUSH EDX
0x1f800002 57 PUSH EDI
0x1f800003 dd442410 FLD QWORD [ESP+0x10]
0x1f800007 8b5c2410 MOV EBX, [ESP+0x10]
0x1f80000b 8b542414 MOV EDX, [ESP+0x14]
0x1f80000f d9ed FLDLN2
0x1f800011 d9c9 FXCH
0x1f800013 d9f1 FYL2X
0x1f800015 5f POP EDI
0x1f800016 5a POP EDX
0x1f800017 5b POP EBX
0x1f800018 c3 RET
0x1f800019 0000 ADD [EAX], AL
0x1f80001b 0000 ADD [EAX], AL
0x1f80001d 0000 ADD [EAX], AL
0x1f80001f 0000 ADD [EAX], AL
0x1f800021 0000 ADD [EAX], AL
0x1f800023 0000 ADD [EAX], AL
0x1f800025 0000 ADD [EAX], AL
0x1f800027 0000 ADD [EAX], AL
0x1f800029 0000 ADD [EAX], AL
0x1f80002b 0000 ADD [EAX], AL
0x1f80002d 0000 ADD [EAX], AL
0x1f80002f 0000 ADD [EAX], AL
0x1f800031 0000 ADD [EAX], AL
0x1f800033 0000 ADD [EAX], AL
0x1f800035 0000 ADD [EAX], AL
0x1f800037 0000 ADD [EAX], AL
0x1f800039 0000 ADD [EAX], AL
0x1f80003b 0000 ADD [EAX], AL
0x1f80003d 0000 ADD [EAX], AL
0x1f80003f 00 DB 0x0
Process: chrome.exe Pid: 1308 Address: 0x1de00000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x1de00000 f2 0f 10 44 24 04 f2 0f 51 c0 f2 0f 11 44 24 04 ...D$...Q....D$.
0x1de00010 dd 44 24 04 c3 00 00 00 00 00 00 00 00 00 00 00 .D$.............
0x1de00020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x1de00030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x1de00000 f20f10442404 MOVSD XMM0, [ESP+0x4]
0x1de00006 f20f51c0 SQRTSD XMM0, XMM0
0x1de0000a f20f11442404 MOVSD [ESP+0x4], XMM0
0x1de00010 dd442404 FLD QWORD [ESP+0x4]
0x1de00014 c3 RET
0x1de00015 0000 ADD [EAX], AL
0x1de00017 0000 ADD [EAX], AL
0x1de00019 0000 ADD [EAX], AL
0x1de0001b 0000 ADD [EAX], AL
0x1de0001d 0000 ADD [EAX], AL
0x1de0001f 0000 ADD [EAX], AL
0x1de00021 0000 ADD [EAX], AL
0x1de00023 0000 ADD [EAX], AL
0x1de00025 0000 ADD [EAX], AL
0x1de00027 0000 ADD [EAX], AL
0x1de00029 0000 ADD [EAX], AL
0x1de0002b 0000 ADD [EAX], AL
0x1de0002d 0000 ADD [EAX], AL
0x1de0002f 0000 ADD [EAX], AL
0x1de00031 0000 ADD [EAX], AL
0x1de00033 0000 ADD [EAX], AL
0x1de00035 0000 ADD [EAX], AL
0x1de00037 0000 ADD [EAX], AL
0x1de00039 0000 ADD [EAX], AL
0x1de0003b 0000 ADD [EAX], AL
0x1de0003d 0000 ADD [EAX], AL
0x1de0003f 00 DB 0x0
Process: chrome.exe Pid: 1308 Address: 0x2ce00000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x2ce00000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 f3 0f WV.|$..t$..L$...
0x2ce00010 6f 06 f3 0f 7f 07 89 fa 83 e2 0f f7 da 83 c2 10 o...............
0x2ce00020 03 fa 03 f2 2b ca f7 c6 0f 00 00 00 0f 85 5e 00 ....+.........^.
0x2ce00030 00 00 89 ca c1 e9 05 0f 18 4e 20 66 0f 6f 06 66 .........N.f.o.f
0x2ce00000 57 PUSH EDI
0x2ce00001 56 PUSH ESI
0x2ce00002 8b7c240c MOV EDI, [ESP+0xc]
0x2ce00006 8b742410 MOV ESI, [ESP+0x10]
0x2ce0000a 8b4c2414 MOV ECX, [ESP+0x14]
0x2ce0000e f30f6f06 MOVDQU XMM0, [ESI]
0x2ce00012 f30f7f07 MOVDQU [EDI], XMM0
0x2ce00016 89fa MOV EDX, EDI
0x2ce00018 83e20f AND EDX, 0xf
0x2ce0001b f7da NEG EDX
0x2ce0001d 83c210 ADD EDX, 0x10
0x2ce00020 03fa ADD EDI, EDX
0x2ce00022 03f2 ADD ESI, EDX
0x2ce00024 2bca SUB ECX, EDX
0x2ce00026 f7c60f000000 TEST ESI, 0xf
0x2ce0002c 0f855e000000 JNZ 0x2ce00090
0x2ce00032 89ca MOV EDX, ECX
0x2ce00034 c1e905 SHR ECX, 0x5
0x2ce00037 0f184e20 PREFETCHT0 [ESI+0x20]
0x2ce0003b 660f6f06 MOVDQA XMM0, [ESI]
0x2ce0003f 66 DB 0x66
Process: chrome.exe Pid: 1788 Address: 0x1f300000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x1f300000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 89 SRW.D$..\$..T$..
0x1f300010 d7 81 e7 00 00 f0 7f 81 ff 00 00 e0 43 72 3c 81 ............Cr<.
0x1f300020 ff 00 00 f0 7f 75 11 dd d8 68 00 00 f8 7f 6a 00 .....u...h....j.
0x1f300030 dd 04 24 83 c4 08 eb 27 89 c7 d9 eb dc c0 d9 c1 ..$....'........
0x1f300000 53 PUSH EBX
0x1f300001 52 PUSH EDX
0x1f300002 57 PUSH EDI
0x1f300003 dd442410 FLD QWORD [ESP+0x10]
0x1f300007 8b5c2410 MOV EBX, [ESP+0x10]
0x1f30000b 8b542414 MOV EDX, [ESP+0x14]
0x1f30000f 89d7 MOV EDI, EDX
0x1f300011 81e70000f07f AND EDI, 0x7ff00000
0x1f300017 81ff0000e043 CMP EDI, 0x43e00000
0x1f30001d 723c JB 0x1f30005b
0x1f30001f 81ff0000f07f CMP EDI, 0x7ff00000
0x1f300025 7511 JNZ 0x1f300038
0x1f300027 ddd8 FSTP ST0
0x1f300029 680000f87f PUSH DWORD 0x7ff80000
0x1f30002e 6a00 PUSH 0x0
0x1f300030 dd0424 FLD QWORD [ESP]
0x1f300033 83c408 ADD ESP, 0x8
0x1f300036 eb27 JMP 0x1f30005f
0x1f300038 89c7 MOV EDI, EAX
0x1f30003a d9eb FLDPI
0x1f30003c dcc0 FADD ST0, ST0
0x1f30003e d9c1 FLD ST1
Process: chrome.exe Pid: 1788 Address: 0x14c00000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x14c00000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 89 SRW.D$..\$..T$..
0x14c00010 d7 81 e7 00 00 f0 7f 81 ff 00 00 e0 43 72 3c 81 ............Cr<.
0x14c00020 ff 00 00 f0 7f 75 11 dd d8 68 00 00 f8 7f 6a 00 .....u...h....j.
0x14c00030 dd 04 24 83 c4 08 eb 25 89 c7 d9 eb dc c0 d9 c1 ..$....%........
0x14c00000 53 PUSH EBX
0x14c00001 52 PUSH EDX
0x14c00002 57 PUSH EDI
0x14c00003 dd442410 FLD QWORD [ESP+0x10]
0x14c00007 8b5c2410 MOV EBX, [ESP+0x10]
0x14c0000b 8b542414 MOV EDX, [ESP+0x14]
0x14c0000f 89d7 MOV EDI, EDX
0x14c00011 81e70000f07f AND EDI, 0x7ff00000
0x14c00017 81ff0000e043 CMP EDI, 0x43e00000
0x14c0001d 723c JB 0x14c0005b
0x14c0001f 81ff0000f07f CMP EDI, 0x7ff00000
0x14c00025 7511 JNZ 0x14c00038
0x14c00027 ddd8 FSTP ST0
0x14c00029 680000f87f PUSH DWORD 0x7ff80000
0x14c0002e 6a00 PUSH 0x0
0x14c00030 dd0424 FLD QWORD [ESP]
0x14c00033 83c408 ADD ESP, 0x8
0x14c00036 eb25 JMP 0x14c0005d
0x14c00038 89c7 MOV EDI, EAX
0x14c0003a d9eb FLDPI
0x14c0003c dcc0 FADD ST0, ST0
0x14c0003e d9c1 FLD ST1
Process: chrome.exe Pid: 1788 Address: 0x3c000000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x3c000000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 89 SRW.D$..\$..T$..
0x3c000010 d7 81 e7 00 00 f0 7f 81 ff 00 00 e0 43 72 3c 81 ............Cr<.
0x3c000020 ff 00 00 f0 7f 75 11 dd d8 68 00 00 f8 7f 6a 00 .....u...h....j.
0x3c000030 dd 04 24 83 c4 08 eb 25 89 c7 d9 eb dc c0 d9 c1 ..$....%........
0x3c000000 53 PUSH EBX
0x3c000001 52 PUSH EDX
0x3c000002 57 PUSH EDI
0x3c000003 dd442410 FLD QWORD [ESP+0x10]
0x3c000007 8b5c2410 MOV EBX, [ESP+0x10]
0x3c00000b 8b542414 MOV EDX, [ESP+0x14]
0x3c00000f 89d7 MOV EDI, EDX
0x3c000011 81e70000f07f AND EDI, 0x7ff00000
0x3c000017 81ff0000e043 CMP EDI, 0x43e00000
0x3c00001d 723c JB 0x3c00005b
0x3c00001f 81ff0000f07f CMP EDI, 0x7ff00000
0x3c000025 7511 JNZ 0x3c000038
0x3c000027 ddd8 FSTP ST0
0x3c000029 680000f87f PUSH DWORD 0x7ff80000
0x3c00002e 6a00 PUSH 0x0
0x3c000030 dd0424 FLD QWORD [ESP]
0x3c000033 83c408 ADD ESP, 0x8
0x3c000036 eb25 JMP 0x3c00005d
0x3c000038 89c7 MOV EDI, EAX
0x3c00003a d9eb FLDPI
0x3c00003c dcc0 FADD ST0, ST0
0x3c00003e d9c1 FLD ST1
Process: chrome.exe Pid: 1788 Address: 0x2c600000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x2c600000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 f3 0f WV.|$..t$..L$...
0x2c600010 6f 06 f3 0f 7f 07 89 fa 83 e2 0f f7 da 83 c2 10 o...............
0x2c600020 03 fa 03 f2 2b ca f7 c6 0f 00 00 00 0f 85 5e 00 ....+.........^.
0x2c600030 00 00 89 ca c1 e9 05 0f 18 4e 20 66 0f 6f 06 66 .........N.f.o.f
0x2c600000 57 PUSH EDI
0x2c600001 56 PUSH ESI
0x2c600002 8b7c240c MOV EDI, [ESP+0xc]
0x2c600006 8b742410 MOV ESI, [ESP+0x10]
0x2c60000a 8b4c2414 MOV ECX, [ESP+0x14]
0x2c60000e f30f6f06 MOVDQU XMM0, [ESI]
0x2c600012 f30f7f07 MOVDQU [EDI], XMM0
0x2c600016 89fa MOV EDX, EDI
0x2c600018 83e20f AND EDX, 0xf
0x2c60001b f7da NEG EDX
0x2c60001d 83c210 ADD EDX, 0x10
0x2c600020 03fa ADD EDI, EDX
0x2c600022 03f2 ADD ESI, EDX
0x2c600024 2bca SUB ECX, EDX
0x2c600026 f7c60f000000 TEST ESI, 0xf
0x2c60002c 0f855e000000 JNZ 0x2c600090
0x2c600032 89ca MOV EDX, ECX
0x2c600034 c1e905 SHR ECX, 0x5
0x2c600037 0f184e20 PREFETCHT0 [ESI+0x20]
0x2c60003b 660f6f06 MOVDQA XMM0, [ESI]
0x2c60003f 66 DB 0x66
Process: chrome.exe Pid: 1788 Address: 0x24800000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x24800000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 d9 SRW.D$..\$..T$..
0x24800010 ed d9 c9 d9 f1 5f 5a 5b c3 00 00 00 00 00 00 00 ....._Z[........
0x24800020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x24800030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x24800000 53 PUSH EBX
0x24800001 52 PUSH EDX
0x24800002 57 PUSH EDI
0x24800003 dd442410 FLD QWORD [ESP+0x10]
0x24800007 8b5c2410 MOV EBX, [ESP+0x10]
0x2480000b 8b542414 MOV EDX, [ESP+0x14]
0x2480000f d9ed FLDLN2
0x24800011 d9c9 FXCH
0x24800013 d9f1 FYL2X
0x24800015 5f POP EDI
0x24800016 5a POP EDX
0x24800017 5b POP EBX
0x24800018 c3 RET
0x24800019 0000 ADD [EAX], AL
0x2480001b 0000 ADD [EAX], AL
0x2480001d 0000 ADD [EAX], AL
0x2480001f 0000 ADD [EAX], AL
0x24800021 0000 ADD [EAX], AL
0x24800023 0000 ADD [EAX], AL
0x24800025 0000 ADD [EAX], AL
0x24800027 0000 ADD [EAX], AL
0x24800029 0000 ADD [EAX], AL
0x2480002b 0000 ADD [EAX], AL
0x2480002d 0000 ADD [EAX], AL
0x2480002f 0000 ADD [EAX], AL
0x24800031 0000 ADD [EAX], AL
0x24800033 0000 ADD [EAX], AL
0x24800035 0000 ADD [EAX], AL
0x24800037 0000 ADD [EAX], AL
0x24800039 0000 ADD [EAX], AL
0x2480003b 0000 ADD [EAX], AL
0x2480003d 0000 ADD [EAX], AL
0x2480003f 00 DB 0x0
Process: chrome.exe Pid: 1788 Address: 0x1f600000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x1f600000 f2 0f 10 44 24 04 f2 0f 51 c0 f2 0f 11 44 24 04 ...D$...Q....D$.
0x1f600010 dd 44 24 04 c3 00 00 00 00 00 00 00 00 00 00 00 .D$.............
0x1f600020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x1f600030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x1f600000 f20f10442404 MOVSD XMM0, [ESP+0x4]
0x1f600006 f20f51c0 SQRTSD XMM0, XMM0
0x1f60000a f20f11442404 MOVSD [ESP+0x4], XMM0
0x1f600010 dd442404 FLD QWORD [ESP+0x4]
0x1f600014 c3 RET
0x1f600015 0000 ADD [EAX], AL
0x1f600017 0000 ADD [EAX], AL
0x1f600019 0000 ADD [EAX], AL
0x1f60001b 0000 ADD [EAX], AL
0x1f60001d 0000 ADD [EAX], AL
0x1f60001f 0000 ADD [EAX], AL
0x1f600021 0000 ADD [EAX], AL
0x1f600023 0000 ADD [EAX], AL
0x1f600025 0000 ADD [EAX], AL
0x1f600027 0000 ADD [EAX], AL
0x1f600029 0000 ADD [EAX], AL
0x1f60002b 0000 ADD [EAX], AL
0x1f60002d 0000 ADD [EAX], AL
0x1f60002f 0000 ADD [EAX], AL
0x1f600031 0000 ADD [EAX], AL
0x1f600033 0000 ADD [EAX], AL
0x1f600035 0000 ADD [EAX], AL
0x1f600037 0000 ADD [EAX], AL
0x1f600039 0000 ADD [EAX], AL
0x1f60003b 0000 ADD [EAX], AL
0x1f60003d 0000 ADD [EAX], AL
0x1f60003f 00 DB 0x0
Process: chrome.exe Pid: 856 Address: 0x7b00000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x07b00000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 89 SRW.D$..\$..T$..
0x07b00010 d7 81 e7 00 00 f0 7f 81 ff 00 00 e0 43 72 3c 81 ............Cr<.
0x07b00020 ff 00 00 f0 7f 75 11 dd d8 68 00 00 f8 7f 6a 00 .....u...h....j.
0x07b00030 dd 04 24 83 c4 08 eb 27 89 c7 d9 eb dc c0 d9 c1 ..$....'........
0x7b00000 53 PUSH EBX
0x7b00001 52 PUSH EDX
0x7b00002 57 PUSH EDI
0x7b00003 dd442410 FLD QWORD [ESP+0x10]
0x7b00007 8b5c2410 MOV EBX, [ESP+0x10]
0x7b0000b 8b542414 MOV EDX, [ESP+0x14]
0x7b0000f 89d7 MOV EDI, EDX
0x7b00011 81e70000f07f AND EDI, 0x7ff00000
0x7b00017 81ff0000e043 CMP EDI, 0x43e00000
0x7b0001d 723c JB 0x7b0005b
0x7b0001f 81ff0000f07f CMP EDI, 0x7ff00000
0x7b00025 7511 JNZ 0x7b00038
0x7b00027 ddd8 FSTP ST0
0x7b00029 680000f87f PUSH DWORD 0x7ff80000
0x7b0002e 6a00 PUSH 0x0
0x7b00030 dd0424 FLD QWORD [ESP]
0x7b00033 83c408 ADD ESP, 0x8
0x7b00036 eb27 JMP 0x7b0005f
0x7b00038 89c7 MOV EDI, EAX
0x7b0003a d9eb FLDPI
0x7b0003c dcc0 FADD ST0, ST0
0x7b0003e d9c1 FLD ST1
Process: chrome.exe Pid: 856 Address: 0x3d500000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x3d500000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 89 SRW.D$..\$..T$..
0x3d500010 d7 81 e7 00 00 f0 7f 81 ff 00 00 e0 43 72 3c 81 ............Cr<.
0x3d500020 ff 00 00 f0 7f 75 11 dd d8 68 00 00 f8 7f 6a 00 .....u...h....j.
0x3d500030 dd 04 24 83 c4 08 eb 25 89 c7 d9 eb dc c0 d9 c1 ..$....%........
0x3d500000 53 PUSH EBX
0x3d500001 52 PUSH EDX
0x3d500002 57 PUSH EDI
0x3d500003 dd442410 FLD QWORD [ESP+0x10]
0x3d500007 8b5c2410 MOV EBX, [ESP+0x10]
0x3d50000b 8b542414 MOV EDX, [ESP+0x14]
0x3d50000f 89d7 MOV EDI, EDX
0x3d500011 81e70000f07f AND EDI, 0x7ff00000
0x3d500017 81ff0000e043 CMP EDI, 0x43e00000
0x3d50001d 723c JB 0x3d50005b
0x3d50001f 81ff0000f07f CMP EDI, 0x7ff00000
0x3d500025 7511 JNZ 0x3d500038
0x3d500027 ddd8 FSTP ST0
0x3d500029 680000f87f PUSH DWORD 0x7ff80000
0x3d50002e 6a00 PUSH 0x0
0x3d500030 dd0424 FLD QWORD [ESP]
0x3d500033 83c408 ADD ESP, 0x8
0x3d500036 eb25 JMP 0x3d50005d
0x3d500038 89c7 MOV EDI, EAX
0x3d50003a d9eb FLDPI
0x3d50003c dcc0 FADD ST0, ST0
0x3d50003e d9c1 FLD ST1
Process: chrome.exe Pid: 856 Address: 0x14f00000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x14f00000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 d9 SRW.D$..\$..T$..
0x14f00010 ed d9 c9 d9 f1 5f 5a 5b c3 00 00 00 00 00 00 00 ....._Z[........
0x14f00020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x14f00030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x14f00000 53 PUSH EBX
0x14f00001 52 PUSH EDX
0x14f00002 57 PUSH EDI
0x14f00003 dd442410 FLD QWORD [ESP+0x10]
0x14f00007 8b5c2410 MOV EBX, [ESP+0x10]
0x14f0000b 8b542414 MOV EDX, [ESP+0x14]
0x14f0000f d9ed FLDLN2
0x14f00011 d9c9 FXCH
0x14f00013 d9f1 FYL2X
0x14f00015 5f POP EDI
0x14f00016 5a POP EDX
0x14f00017 5b POP EBX
0x14f00018 c3 RET
0x14f00019 0000 ADD [EAX], AL
0x14f0001b 0000 ADD [EAX], AL
0x14f0001d 0000 ADD [EAX], AL
0x14f0001f 0000 ADD [EAX], AL
0x14f00021 0000 ADD [EAX], AL
0x14f00023 0000 ADD [EAX], AL
0x14f00025 0000 ADD [EAX], AL
0x14f00027 0000 ADD [EAX], AL
0x14f00029 0000 ADD [EAX], AL
0x14f0002b 0000 ADD [EAX], AL
0x14f0002d 0000 ADD [EAX], AL
0x14f0002f 0000 ADD [EAX], AL
0x14f00031 0000 ADD [EAX], AL
0x14f00033 0000 ADD [EAX], AL
0x14f00035 0000 ADD [EAX], AL
0x14f00037 0000 ADD [EAX], AL
0x14f00039 0000 ADD [EAX], AL
0x14f0003b 0000 ADD [EAX], AL
0x14f0003d 0000 ADD [EAX], AL
0x14f0003f 00 DB 0x0
Process: chrome.exe Pid: 856 Address: 0x37600000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x37600000 f2 0f 10 44 24 04 f2 0f 51 c0 f2 0f 11 44 24 04 ...D$...Q....D$.
0x37600010 dd 44 24 04 c3 00 00 00 00 00 00 00 00 00 00 00 .D$.............
0x37600020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x37600030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x37600000 f20f10442404 MOVSD XMM0, [ESP+0x4]
0x37600006 f20f51c0 SQRTSD XMM0, XMM0
0x3760000a f20f11442404 MOVSD [ESP+0x4], XMM0
0x37600010 dd442404 FLD QWORD [ESP+0x4]
0x37600014 c3 RET
0x37600015 0000 ADD [EAX], AL
0x37600017 0000 ADD [EAX], AL
0x37600019 0000 ADD [EAX], AL
0x3760001b 0000 ADD [EAX], AL
0x3760001d 0000 ADD [EAX], AL
0x3760001f 0000 ADD [EAX], AL
0x37600021 0000 ADD [EAX], AL
0x37600023 0000 ADD [EAX], AL
0x37600025 0000 ADD [EAX], AL
0x37600027 0000 ADD [EAX], AL
0x37600029 0000 ADD [EAX], AL
0x3760002b 0000 ADD [EAX], AL
0x3760002d 0000 ADD [EAX], AL
0x3760002f 0000 ADD [EAX], AL
0x37600031 0000 ADD [EAX], AL
0x37600033 0000 ADD [EAX], AL
0x37600035 0000 ADD [EAX], AL
0x37600037 0000 ADD [EAX], AL
0x37600039 0000 ADD [EAX], AL
0x3760003b 0000 ADD [EAX], AL
0x3760003d 0000 ADD [EAX], AL
0x3760003f 00 DB 0x0
Process: chrome.exe Pid: 856 Address: 0x1ee00000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x1ee00000 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 f3 0f WV.|$..t$..L$...
0x1ee00010 6f 06 f3 0f 7f 07 89 fa 83 e2 0f f7 da 83 c2 10 o...............
0x1ee00020 03 fa 03 f2 2b ca f7 c6 0f 00 00 00 0f 85 5e 00 ....+.........^.
0x1ee00030 00 00 89 ca c1 e9 05 0f 18 4e 20 66 0f 6f 06 66 .........N.f.o.f
0x1ee00000 57 PUSH EDI
0x1ee00001 56 PUSH ESI
0x1ee00002 8b7c240c MOV EDI, [ESP+0xc]
0x1ee00006 8b742410 MOV ESI, [ESP+0x10]
0x1ee0000a 8b4c2414 MOV ECX, [ESP+0x14]
0x1ee0000e f30f6f06 MOVDQU XMM0, [ESI]
0x1ee00012 f30f7f07 MOVDQU [EDI], XMM0
0x1ee00016 89fa MOV EDX, EDI
0x1ee00018 83e20f AND EDX, 0xf
0x1ee0001b f7da NEG EDX
0x1ee0001d 83c210 ADD EDX, 0x10
0x1ee00020 03fa ADD EDI, EDX
0x1ee00022 03f2 ADD ESI, EDX
0x1ee00024 2bca SUB ECX, EDX
0x1ee00026 f7c60f000000 TEST ESI, 0xf
0x1ee0002c 0f855e000000 JNZ 0x1ee00090
0x1ee00032 89ca MOV EDX, ECX
0x1ee00034 c1e905 SHR ECX, 0x5
0x1ee00037 0f184e20 PREFETCHT0 [ESI+0x20]
0x1ee0003b 660f6f06 MOVDQA XMM0, [ESI]
0x1ee0003f 66 DB 0x66
Process: chrome.exe Pid: 856 Address: 0x3fb00000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
0x3fb00000 53 52 57 dd 44 24 10 8b 5c 24 10 8b 54 24 14 89 SRW.D$..\$..T$..
0x3fb00010 d7 81 e7 00 00 f0 7f 81 ff 00 00 e0 43 72 3c 81 ............Cr<.
0x3fb00020 ff 00 00 f0 7f 75 11 dd d8 68 00 00 f8 7f 6a 00 .....u...h....j.
0x3fb00030 dd 04 24 83 c4 08 eb 25 89 c7 d9 eb dc c0 d9 c1 ..$....%........
0x3fb00000 53 PUSH EBX
0x3fb00001 52 PUSH EDX
0x3fb00002 57 PUSH EDI
0x3fb00003 dd442410 FLD QWORD [ESP+0x10]
0x3fb00007 8b5c2410 MOV EBX, [ESP+0x10]
0x3fb0000b 8b542414 MOV EDX, [ESP+0x14]
0x3fb0000f 89d7 MOV EDI, EDX
0x3fb00011 81e70000f07f AND EDI, 0x7ff00000
0x3fb00017 81ff0000e043 CMP EDI, 0x43e00000
0x3fb0001d 723c JB 0x3fb0005b
0x3fb0001f 81ff0000f07f CMP EDI, 0x7ff00000
0x3fb00025 7511 JNZ 0x3fb00038
0x3fb00027 ddd8 FSTP ST0
0x3fb00029 680000f87f PUSH DWORD 0x7ff80000
0x3fb0002e 6a00 PUSH 0x0
0x3fb00030 dd0424 FLD QWORD [ESP]
0x3fb00033 83c408 ADD ESP, 0x8
0x3fb00036 eb25 JMP 0x3fb0005d
0x3fb00038 89c7 MOV EDI, EAX
0x3fb0003a d9eb FLDPI
0x3fb0003c dcc0 FADD ST0, ST0
0x3fb0003e d9c1 FLD ST1